Monthly Archives: October 2021

ISO 38500 1 big thing: Implement and improve information governance processes related to litigation, including preservation holds.

587 words, 2.2 minutes read. By Gerard Blokdyk

The big picture: Make headway so that your staff assures protection for the information assets of the business through internal control, internal auditing, IT security, recovery procedures and assuring proper insurance coverage.

Why it matters: Liaison so that your organization contributes to various project efforts relating to SOX PMO, Vendor Management, External Audit, Information Security, and Enterprise Risk Management.

Go deeper: Manage complex programs and be adept at functioning quickly, independently, and effectively as both project and relationship manager, of critical importance for the implementation, rollout, and maintenance of the Audible intranet and related digital workplace tools.

On the flip side: Coordinate with Information Security Management to track the progress of the third party risk and security program and to maintain alignment with the plan.

The backdrop: Support Information Security programs which include governance (policy and standards), security enhancements, new security technology evaluation and testing, project requirement gathering, internal client communications, documentation, and security awareness.

Be smart: Ensure you do not need to have involvement in an organization department or the health sector as your staff have backgrounds in a range of fields in both the public and private sectors.

Between the lines: Create policies and controls for the appropriate protection of enterprise information assets through a defined life cycle from acquisition or creation to end of life destruction and disposal procedures.

How it works: Confirm that your process consults on high visibility/high risk IT projects and provides guidance to team members and information security staff on security and compliance matters.

Yes, but: Serve as primary leader driving decision phases for large initiatives to identify and solve for critical business decisions, solution assessments, and recommended architecture.

What they’re saying: “Certify your group maintains a strong operational risk culture through proactive leadership, open dialogue, and transparent sharing of information with lines of business and Internal Audit.” (Software Engineer – Enterprise Solutions)

The bottom line: Confirm that your operation defines roles and responsibilities related to data governance ensuring clear accountability for stewardship of your organization's principal information assets.

What’s next: Ensure your company is involved in leading activities around requirements gathering, data analysis, extraction, validation, data modeling transformation and integration with data from multiple disparate systems.

ICYMI: Warrant that your staff leads a team accountable for monitoring and tracking information governance, data security, application security, and information asset management capabilities as it pertains to sensitive data management scope and strategies.


Look inside the ISO 38500 Kanban:



Want to reuse this data? Purchase your license here:

One-time payment for perpetual commercial re-use


Questions? Email us HERE

 

Get started: store.theartofservice.com/ISO-38500-critical-capabilities/

 


Trusted by: FirstEnergy Corp, AE Stategies, LendingPoint, LLC, kraken, IBM, Micron Technology, IDC, CapB InfoteK, Mastery Logistics Systems, Inc., Accenture, McKesson, LumApps, Honeywell, Avery Dennison, Audible, Fidelity Investments, Olathe Public Schools, Amex, Emory University, Kajeet, Inc., Aruba Networks, Volkswagen Group of America, MasterBrand Cabinets Inc., Platform Science, Autonomic, Medtronic, NextEra Energy, Tesla, Novetta, Sirqul, Inc, Kwik Trip Inc, Particle, Rivian Automotive, Watts Water Technologies, Signify, Martin Engineering, TalentWerx, Terumo Medical Corporation, PepsiCo, Microsoft, Delta Faucet Company, Amazon.com Services LLC, Siemens, SunPower, Johnson Controls, Cummins Inc., BrightInsight, Losant, Pall, Allegion, Spireon, Lumin, Insight Enterprises, Inc., Alarm.com, Vodafone, Rad Power Bikes, Axon, ENEL, Schneider Electric, Precision Fermentation, Deeplocal Inc., Harbor Industries, Inc., Samsara, Ayla Networks, Prime Vision, Walmart, Xerox

ISO 38500 1 big thing: Develop and implement information security risk reporting for management teams and governance committees.

637 words, 2.4 minutes read. By Gerard Blokdyk

The big picture: Make sure the development, implementation and oversight of a Third Party Risk governance structure that ensures that vendors that expose the organization to compliance, credit, information security, offshore, operational, reputational or strategic risk adhere to appropriate controls.

Why it matters: Safeguard that your operation resides on the Data Governance Executive Board and is a key contributor to the Data Management and Governance initiatives and programs, supporting them to successful completion.

Yes, but: Partner with engineering to maintain a common data model across service providers and facilitate API integrations across both internal and 3rd party applications/tools.

What to watch: Work with business partners and information governance stakeholders to assess and coordinate the resolution of data integrity issues and gaps in order to implement timely remediation with contributor.

State of play: Be confident that your strategy directs solution architecture effort in terms of quality, timeliness, and compliance with requirements and expectations, assuring minimal or no disruption to IT operations.

What they’re saying: “Meet regularly with the (internal) client accounts manager and other department staff to promote efficiency and effectiveness in department operations and results obtained.” (Principal/Staff Software Engineer (Device Software) – IoT Devices)

Go deeper: Be confident that your company designs and undertakes complex management studies, initiatives, or data gathering efforts, to provide information that assists management in Online Services program areas, improve program delivery, and identify actual or potential problem areas impacting program operations and (internal) customer involvement in the short and long term.

On the flip side: Define and communicate enterprise information security requirements, procedures, policies, and standards for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.

Under the hood: Secure that your company has knowledge and involvement in multiple Information Security domains like security monitoring, threat intelligence, network security, data security, endpoint security, technical security assessments, security architecture.


 


Get the ISO 38500 Kanban: Top ISO 38500 Must Haves

Look inside the ISO 38500 Kanban:



Learn the Top Emerging ISO 38500 Risks HERE: store.theartofservice.com/ISO-38500-critical-capabilities/

 

Top thinkers are using The Art of Service Kanbans, the Kanbans that are helping leaders stay ahead of what’s next.

This Kanban will help you plan your roadmap. The ISO 38500 Kanban enables leaders to shortlist hundreds of appropriate results, already prioritized.



 


How it works: Verify that your design is managing and delivering security related tooling and infrastructure projects including identity access management, endpoint security, network monitoring, security information and event management (SIEM) platforms, and zero trust.

The bottom line: Apply and execute the appropriate systems engineering, program protection and certification-related policies, principles, and practices across all levels and phases of the development lifecycle to increase the level of confidence that a system functions as intended, is free from exploitable vulnerabilities, and protects critical program functions and information.

What’s next: Check that your strategy is helping to ensure the risk management processes align with Business and Information Security objectives while ensuring policy and process compliance.

ICYMI: Connect Centric specializes in helping your overarching agency (internal) customers deploy new or improve existing contact centers through comprehensive support services, including governance, (internal) customer experience, technology, and operations and maintenance.



ISO 38500 1 big thing: Certify your staff is incorporating audit findings and recommendations into Information Security.

662 words, 2.5 minutes read. By Gerard Blokdyk

The big picture: Partner with other members of your GRC Team to develop positive relationships and serve as a highly professional representative to both internal and external customers.

Why it matters: Make headway so that your strategy contributes to the facilitation of technology onboarding and offboarding through the Information Security Programs Risk Review process.

The backdrop: Establish that your operation partners with business leaders/champions and solution delivery teams to identify key performance indicators, business requirements and measures to support and deliver the Enterprise Business Intelligence Strategy.

What to watch: Make sure the ISSM is responsible for applying Information System (IS) security principles, practices, and procedures under the Risk Management Framework (RMF) to maintain compliance with applicable security regulations, such as NIST, CNSSI, and NISPOM, governing the development and management of classified information systems.

On the flip side: Ensure you can influence your engineering architecture to help lead you into the next phase of growth for your Connected Devices IoT platform.

What we’re hearing: “Administer and measure company-wide Information Security governance processes; Assess, evaluate, and identify gaps; Make recommendations to management regarding the adequacy of the security controls and ensure deployment of solutions.” (Technical Business Analyst)

Meanwhile: Assure your operation ensures that associated information and data management performs effectively and efficiently, conceptually, logically and physically for the downstream applications.

How it works: Act as a liaison between the business process owners, system end users and information technology resources on all things related to IT governance, risk/controls and compliance, turning business requirements into functional requirements.

State of play: Ensure your organization is acting as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.

Yes, but: Confirm that your personnel is responsible for leading Cybersecurity and IT governance, risk, and compliance efforts, including the establishment and maintenance of IT operating model and facilitating the development of technology policies and standards.

Be smart: Safeguard that your group serves as an internal consultant advising leadership on all information security questions, concerns and suggestions for current and future state.

Go deeper: Make sure the CISO leads the overall management and strategic oversight of enterprise information security including risk and compliance policies, procedures and practices, data loss prevention, governance, investigations, and forensics.

The bottom line: Liaison so that your strategy participates in the change management and service ticket management processes including receiving, resolution monitoring, and ensuring (internal) customer satisfaction.

What’s next: Verify that your staff is regularly tuning and filtering SIEM alerts and monitoring components to ensure only relevant security data is gathered.

ICYMI: Implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and perform and/or oversee vulnerability testing.



ISO 38500 1 big thing: Develop experience managing multiple teams and including engineering managers and individual contributors.

663 words, 2.5 minutes read. By Gerard Blokdyk

The big picture: Make headway so that your design is involved in driving development of solutions mapping across various systems to deliver end to end solutions.

Why it matters: Review and update your organization's information security policies and standards to ensure continued effectiveness and compliance with applicable overarching, State, and local laws.

Under the hood: Collaborate with your Security team on designing and building secure digital workplace that is compliant with applicable organization regulations and industry security requirements.


 



 


What we’re hearing: “Verify that your company works with GRC and other security tools to collect and maintain security and risk information and lead remediation efforts per the Security Roadmap and established standards.” (Engineering Technician III (Off-Shift))

Yes, but: Ensure your areas of expertise include Cloud enablement, Data and AI, DevOps, Digital strategy, Intelligent applications, IoT and smart edge, and Transformation Services.

Be smart: Guarantee your design ensures that project goals are accomplished and aligned with business objectives; responsible for managing the team that develops and carries out process mapping, test scripts and user acceptance testing; monitors project activities ensuring currency, quality, and integrity of the information, providing consistency in content and look and feel across the enterprise.

State of play: Ensure you are working to advance your organization's next generation data distribution platform, with the aim to seamlessly deliver real time and on demand data and analytics.

On the flip side: Check that your staff plans, coordinates and conducts the analysis of (internal) client business processes and functional requirements and the preparation of appropriate documentation to communicate and validate the information.

Go deeper: Manage the discovery process and evidence collection for litigation, including e-discovery, fact investigation, and collection of data and information from internal custodians.

Between the lines: Ensure your public sector team members find solutions that help organization leaders with issues including risk management, enterprise risk management, financial management, human capital, information technology and performance management in overarching, state, local and international organizations.

How it works: Establish that your team works closely and is experienced in gathering information, identifying issues, providing recommendations and drafting documentation to achieve overall goals for system strategic planning.

What to watch: Make sure your organization develops and maintains inventory of the enterprise information maps and facilitates the development and implementation of data quality standards, data protection standards and adoption of data definition standards.

The bottom line: Develop data flow pipelines to extract, transform, and load data from various data sources in various forms, including custom ETL pipelines that enable model and product development.

What’s next: Explore different opportunities to maximize and exploit unused or partially used information technology hardware assets in order to receive full efficiency and return on investments.

ICYMI: Make headway so that your workforce promotes and oversees strategic relationships between internal Information Technology resources and external entities, including overarching and state organization agencies, vendors, and partner organizations.



ISO 38500 1 big thing: Safeguard that your team collaborates with business operations to resolve Information Security governance conflicts.

627 words, 2.3 minutes read. By Gerard Blokdyk

The big picture: Ensure you are skilled at building relationships, partnering seamlessly with investment analysts to help them build fluency on ESG issues, and with internal teams such as Investment Group Technology, Engagement, and Governance and Proxy to support their ESG objectives and ensure the effective dissemination of ESG-related information.

Why it matters: Establish that your operation provides technical assistance and security guidance in the areas of information systems and telecommunications to information systems owners, technicians, and general users.

Meanwhile: Support the Information System Security Manager (ISSM), Information System Security Officer (ISSO), and Cybersecurity lead in meeting all RMF documentation, process, policy, risk assessment, testing, and continuous monitoring requirements per the NIST SP-800 series.

State of play: Be confident that your strategy is designing and implementing data protection policies, processes, and procedures to align with GDPR and Information Security policies, especially for cloud-hosted data environments and (internal) customer data handling throughout the development lifecycle.

How it works: Ensure your organization is establishing a roster of qualified experts in information and systems for health with expertise in evaluation and research methods applied to information systems and digital health.

What they’re saying: “Leverage industry best practices to manage and maintain data privacy and security practices in the processing of data and personally identifiable information across information technology and records management systems.” (Senior Hardware Engineer)

The backdrop: Ensure you currently engage with a variety of the largest health insurance companies, supporting information and software development organizations and various organization organizations.

Go deeper: Recommend new toolsets, or changes in toolsets, and guide organizational change management upon introduction of new tools, training on existing tools, or changes to views.

What to watch: Be certain that your strategy is involved in driving development of solutions mapping across cloud, devices/sensors, analytics and mobility based offerings to deliver end to end solutions.

Yes, but: Make sure the Chief Information Security Officer serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies.

The bottom line: Make sure your strategy is accountable for risk identification, development and prioritization of sensitive data and information governance policies, strategies and initiatives to meet regulatory, and business requirements.

What’s next: Make headway so that your team is involved in governance with modern environments, Big Data and traditional DW environments supporting Data Governance and master data management principles and techniques.

ICYMI: Secure that your staff leads IT Security Steering Committee, infusing information security governance procedures that foster resiliency, raise awareness, govern policy and review security related activities.

