Monthly Archives: October 2021

ISO 38500 1 big thing: Implement and enforce data access standards with priority by established information security policies.

660 words, 2.4 minutes read. By Gerard Blokdyk

The big picture: Lead a technical team to develop and deploy state of the manufacturing software systems technologies in support of early stage, pilot and high-volume manufacturing activities for new technology transfer, process improvement, cost reduction or capacity expansion.

Why it matters: Manage organization wide information security governance processes, and lead Information security personnel in the establishment of an information security program and project priorities.

Under the hood: Operationalize the selection, implementation, and management of an ERM GRC/BC software application(s) (to include risk assessments, risk event repository, Compliance, Information Security and BC components).


 


Get the ISO 38500 Kanban: Top ISO 38500 Must Haves




Learn the Top Emerging ISO 38500 Risks HERE: store.theartofservice.com/ISO-38500-critical-capabilities/

 

Top thinkers are using The Art of Service Kanbans, the Kanbans that are helping leaders stay ahead of what’s next.

This Kanban will help you plan your roadmap. The ISO 38500 Kanban enables leaders to shortlist hundreds of appropriate results, already prioritized.



 


Between the lines: Develop leadership, talent strategies, and tactics to maximize the effectiveness and output of core IT teams; infrastructure, business systems, IT support, and IT security.

State of play: Safeguard that your company owns the conceptual solution overview, including contextual, component, and integration/data flow designs and the systems impacted, in order to solve the business problem.

Meanwhile: Develop a strategy for the continuous monitoring of security control effectiveness and any proposed/actual changes to the information system and its environment of operation.

Be smart: Make sure the Information Security team's mission is to build and protect stakeholder trust, that of (internal) customers, employees and investors in your business, especially where technology is involved.

What to watch: Develop and continually improve the cybersecurity risk management program, in alignment with Enterprise Risk Management, conduct periodic information security risk assessments and facilitate mitigation practices.

Go deeper: Certify your workforce ensures all engineering projects, initiatives, and processes conform with the organization's established policies and objectives, and is ultimately responsible for product implementation, delivery, and maintenance at scale.

Yes, but: Lead (internal) clients with the identification of weaknesses and potential threats to existing information security strategy encompassing people, process and technologies, and provide security and process recommendations to close any gaps.

What we’re hearing: “Develop experience defining the specific metrics which communicate the benefits of an architecture program to the business; tracking to what extent those benefits are being delivered on an ongoing basis; and identifying metric stakeholders and owners.” - Senior Test Engineer

What they’re saying: “Secure that your company develops and enforces the organization's security policies and procedures, security awareness program, the information security portion of the business continuity and disaster recovery plans, and all industry and organization compliance issues.” - Customer Success Manager

The bottom line: Ensure strongly prefer involvement in assessing or building end-to-end cybersecurity solutions, including data protection solutions, security incident and event monitoring platforms, threat and vulnerability programs, security operations centers and other cybersecurity solutions.

What’s next: Develop experience safeguarding confidential information, handling personally identifiable information (PII) and complying with the Privacy Act and all applicable organization regulations on individual privacy.

ICYMI: Ensure your design is responsible for all facets of the Information Security and IT enterprise wide Governance, Risk and Compliance in alignment with organizations across IT and your organization.



 


Trusted by: FirstEnergy Corp, AE Stategies, LendingPoint, LLC, kraken, IBM, Micron Technology, IDC, CapB InfoteK, Mastery Logistics Systems, Inc., Accenture, McKesson, LumApps, Honeywell, Avery Dennison, Audible, Fidelity Investments, Olathe Public Schools, Amex, Emory University, Kajeet, Inc., Aruba Networks, Volkswagen Group of America, MasterBrand Cabinets Inc., Platform Science, Autonomic, Medtronic, NextEra Energy, Tesla, Novetta, Sirqul, Inc, Kwik Trip Inc, Particle, Rivian Automotive, Watts Water Technologies, Signify, Martin Engineering, TalentWerx, Terumo Medical Corporation, PepsiCo, Microsoft, Delta Faucet Company, Amazon.com Services LLC, Siemens, SunPower, Johnson Controls, Cummins Inc., BrightInsight, Losant, Pall, Allegion, Spireon, Lumin, Insight Enterprises, Inc., Alarm.com, Vodafone, Rad Power Bikes, Axon, ENEL, Schneider Electric, Precision Fermentation, Deeplocal Inc., Harbor Industries, Inc., Samsara, Ayla Networks, Prime Vision, Walmart, Xerox

ISO 38500 1 big thing: Evaluate the results of the assessment, advise management, and propose remediation solutions.

784 words, 2.9 minutes read. By Gerard Blokdyk

The big picture: Secure that your company monitors, evaluates and audits records maintained by service lines to ensure work processes and policies related to the records and information lifecycle are adhered to and documented.

Why it matters: Plan, scope, develop and invest in the coordination, execution, and communication of new, and ongoing Information Security you Compliance initiatives relevant to the implementation of Information Security you Compliance efforts.

On the flip side: Act as a liaison to the business and Information Security groups and lead them in the implementation of data security, compliance requirements, and information security technologies.

What they’re saying: “Make sure your staff operationalizes risk strategy and rationalizes security plans and goals into programs and projects that address system-wide risks, improves information security capability maturity, and supports long-term strategic initiatives.” - Principal/Staff Software Engineer (Device Software) – IoT Devices

Under the hood: Make sure the Information Technology Security Engineer is responsible for the operation of agency security infrastructure, technical security guidance in the application of best practices, and ensuring that the configuration of agency systems, applications and networks is in compliance with agency security policies.


 



 


The backdrop: Provide support for the information resource management activities for the organization across a diverse set of technological and business elements by applying sound information resource management tools and techniques.

Between the lines: Be confident that your company's project goals could be focused around people, process, or tools concerning IT Service Management (ITIL), HR Information Systems, (internal) customer Service Management, IT Security Operations, IT Governance Risk and Compliance, Facilities, Project and Portfolio Management, IT Financial Management, Organizational Change Management, and/or IT Operations Management oriented topics.

Go deeper: Establish that your strategy works across departments to facilitate cyber risk assessment and management processes to ensure consistent application of information security policies.

Yes, but: Develop and maintain system protocols, and verify that they are consistent with organization policies and procedures for maintenance of all physical and electronic (internal) client records.

Be smart: Work with Product, Development, and Infrastructure to invest in the overall business technology planning, providing a current knowledge and future vision of technology and systems.

State of play: Collect information for each engagement from the Readiness Review team and the Engagement team to determine if any additional assets your organization is discovered that had not been identified on the data call; determine level of effort it took to complete the engagement, to include the final report; identify other information items related to engagements which could be useful to improve any of the processes used pre-engagement, during an engagement, or post engagement; and perform analytics on information gathered concerning engagements to further refine and improve processes related to support and performance of engagements.

Meanwhile: Check that your staff applies detailed technical knowledge to evaluate security controls on a variety of information system platforms (Windows, Linux/Unix, etc.).

How it works: Develop and implement procedures to track (internal) clients' information technology assets to oversee quality control throughout their life cycles, whether purchased or leased.

The bottom line: Define relevant deployment metrics as you scale and evolve existing release metrics; educate internal stakeholders by illustrating those trends with BI and data visualization tools.

What’s next: Be certain that your strategy partners with Business Sponsor, Stakeholders and SMEs and the Project Team to derive and define business requirements and drive functional and technical designs for Business Intelligence (BI) Solutions (Data Warehouse, ETL, Metadata, Operational/Tactical/Strategic Reporting, and Dashboards).

ICYMI: Safeguard that your organization is involved in implementation of IT governance best practices that drive meaningful improvements in the business value of data at an enterprise level.



ISO 38500 1 big thing: Support in the development and maintenance of information security policies and procedures.

618 words, 2.3 minutes read. By Gerard Blokdyk

The big picture: Establish that your process works with organization administration, legal counsel, and other related parties to represent the organization's information security interests with external parties (state or local organization bodies) who undertake to adopt or amend privacy legislation, regulation, or standards.

Why it matters: Guarantee your group coordinates with Information Governance Unit to assure transparency with rule making processes and timely response to rule making information requests.

The backdrop: Conduct security assessments of system security plans to help ensure that plans provide security controls for information systems that meet stated security requirements.

Be smart: Interface so that your operation is ensuring suspicious incidents and threat information occurring in the geographic area of responsibility are identified, properly addressed, reported and documented.

What they’re saying: “Undertake new projects that involve understanding new data sets, modeling the data in an optimal way to support reporting use cases and creating reporting deliverables.” - Systems Test Engineer

Yes, but: Assess the current application portfolio, identify long term business needs and provide tools to help decide whether applications should be managed internally or by third parties.

Between the lines: Safeguard that your staff is involved in governance, controls, process and procedures, centers of competency, change management, conceptual data modeling, master data management, data standardization and stewardship, information integrity and compliance, and data quality management.

Under the hood: Be sure your organization is responsible for creating and/or maintaining architectural artifacts, policies, standards, and procedures to manage information systems architecture (data systems, applications, and technology) which covers standard development practices, software architecture, system architecture, business intelligence architecture.


 



 


What to watch: Conduct computing environment technical security assessments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies.

State of play: Make sure the intent of this research is to create written guidance and continuity for ongoing and future MPC lines of effort as related to compliance with Information Assurance (IA) regulations and requirements.

The bottom line: Use your leadership and technical skills to support your organization of Workforce Development and its partners in information security matters related to governance, risk, and compliance.

What’s next: Safeguard that your operation provides the leadership, motivation and environment necessary for building high performing teams that collaborate with enterprise stakeholders in defining information governance, data quality, data management, information architecture, and information asset management capabilities that support business needs.

ICYMI: Ensure your personnel develops and maintains an information security governance framework, performance measurements and tracking system to help ensure the timely and effective implementation of security initiatives and risk management program interdependencies.



ISO 38500 1 big thing: Drive modern solution building approaches, including automation, testing based development, CI/CD, microservices, etc.

619 words, 2.3 minutes read. By Gerard Blokdyk

The big picture: Invest in providing analysis of architectures, technologies, policies, information and analytic data used to determine prevention, detection, and mitigation of anomalous activity, vulnerabilities and inefficiencies.

Why it matters: Make headway so that your group is analyzing data or information: identifying the underlying principles, reasons, or facts of information by breaking down information or data into separate parts.

Meanwhile: Make sure your personnel collaborates with other IT department leaders to identify business needs; plan, schedule, and coordinate work; and ensure integration of business needs and information technology solutions.

Go deeper: Foster relationships with (internal) client personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and governance levels.

Under the hood: Invest in closure for all projects and perform required benefit analysis in collaboration with project team and maintain record of all IT governance meetings.


 



 


Yes, but: Participate in collaboration bodies as the architecture delivery forum to successfully influence the direction of key technical elements and build overall architecture capability.

What to watch: Ensure information security governance and risk management activities align with strategic business initiatives, achieve business and quality objectives, mitigate risk and enhance operating procedures.

On the flip side: Drive continued improvement to provisioning and configuration processes across multiple system, vendor, and data center environments including system availability through problem identification and resolution.

State of play: Make headway so that your design provides technical and best practice guidance on Information Technology Risk and Information Technology, taking into account specific business platform complexities and issues.

The backdrop: Lead working sessions with operational and information system owners on the onboarding of new data assets including documentation of processes, procedures, system interfaces, data dictionaries, data models and requirements for all new analytical data assets.

Between the lines: Help build, maintain and improve upon a system architecture that supports frequent enhancements and updates to stay ahead of trends and innovations as well as future business needs, including load management.

The bottom line: Serve as a champion and educator in helping non information systems experts to recognize and anticipate information system requirements often and early in a project, program or portfolio lifecycle.

What’s next: Safeguard that your staff is coordinating and conducting governance and portfolio management activities associated with ensuring compliance with the enterprise architecture; and/or ensuring the rigorous application of information security/cybersecurity policies, principles, and practices to all components of the enterprise architecture.

ICYMI: Make sure the Manager oversees and leads the implementation and maintenance of the Enterprise Content Management (ECM) system, which helps to manage information flows across your organization.



ISO 38500 1 big thing: Develop experience authoring, reviewing and maintaining information security related policies and procedures.

624 words, 2.3 minutes read. By Gerard Blokdyk

The big picture: Safeguard that your company establishes and implements a security awareness training and education program to educate, refresh, and motivate personnel to protect people, property and information.

Why it matters: Check that your design provides education and information to the public and internal staff regarding data analytics and the utilization of civic technology.

On the flip side: Work with all stakeholders, General Counsel, IT, the Lines of Business and strategic partners to develop and maintain Information Security standards governing the implementation, support and management of all IT systems.

What to watch: Check that your group aims to identify and manage existing and emerging risks and integrate risk management strategies and educate risk owners across the enterprise on information security requirements and best practices.

State of play: Ensure your public sector team members find solutions that help organization leaders with issues including acquisitions, financial management, human capital, information technology and performance management.

Under the hood: Create the technical approach for the shared operational capabilities of (internal) customer identity and access management (CIAM), including (internal) customer registration, self-service, authentication, authorization, identity federation, governance and administration, user provisioning, role-based access control, audit, and reporting.


 



 


Yes, but: Make sure the IT Security Compliance specialization works with the Information Security Compliance team and your organization to support the security risk management program.

What they’re saying: “Develop policies and procedures for governing the introduction of new/revised tax changes including monitoring and communicating tax change activities, oversight of the sub-custody network and maintenance of tax collateral, tax technical information.” - Systems Test Engineer

Go deeper: Make sure the IT Director, Governance, Risk, and Compliance is responsible for establishing and maintaining your organization's overall IT Governance, Risk and Compliance program, which is designed to ensure that your organization's IT systems and information assets are adequately protected, and is responsible for identifying, evaluating and reporting on information security risks in a manner that meets your organization's regulatory and other compliance requirements.

Be smart: Design and implement solutions that meet business objectives as well as financial, time and quality targets (delivered through internal efforts and/or via partners).

The bottom line: Perform information security, governance, risk and compliance assessment reports on third party suppliers to ensure supply chain risk is managed throughout the supplier's lifecycle.

What’s next: Interface so that your process increases data coverage by working closely with stakeholders and Data Scientists, understanding and evaluating their data requirements to create meaningful, organized and structured information.

ICYMI: Certify your personnel challenge past practices by actively exploring and implementing new solutions and methodologies to improve the quality and time to market.

