A company from Taiwan · 2018/09/17 · Software · Software Engineering & Programming
A company from Taiwan
http://www.amicliens.com
Mission
To Help People
Enjoy Learning
Wentz Wu
Professional Experience
• Co-founder, Amicliens Service Technology
• Also known as Bruce Wu
• Designated as Project Manager
• 20+ Years of IT Experience
Education
• Executive MBA from Troy State University
• Bachelor of Information Management from Tamkang University, Taiwan
Certifications
Project Management
• PMI-PMP, Project Management Professional
• PMI-ACP, Agile Certified Practitioner
• PMI-PBA, Professional in Business Analysis
• PMI-RMP, Risk Management Professional
Security Governance
• CISM, Certified Information Security Manager
• CRISC, Certified in Risk and Information Systems Control
• CISA, Certified Information Systems Auditor
Security Assurance
• CISSP, Certified Information Systems Security Professional
• Provisionally passed ISC2 CCSP exam on 2018/09/07
• Provisionally passed ISC2 CSSLP exam on 2018/09/13
Information Technologies
• AWS-CSAA, AWS Certified Solution Architect – Associate
• MCSD, Microsoft Certified Solutions Developer on App Builder
• MCSD, Microsoft Certified Solutions Developer on VB6 (LEGACY)
• MCDBA, Microsoft Certified Database Administrator on SQL 2000 (LEGACY)
• MCSE, Microsoft Certified Systems Engineer on Win 2000 (LEGACY)
• MCSE, Microsoft Certified Systems Engineer on NT4 (LEGACY)
• MCP, Microsoft Certified Professional Since 1998
My Professional Service Offerings
Software
• Business Solutions and Applications
• Microsoft .NET-based
• Mobile Apps (off-site or off-shore partners)
Training
• Software Engineering & Programming
• Information Security (exam-centric)
• English (partnership with native speakers)
Coaching
• IT Professional Career Paths
• Project Agility
• Effective Learning
My Expertise Stack
• IT Infrastructure & Technologies (Network + Telephony + Cloud)
• Unified Communication Contact Center
• Software Engineering
• Domain Knowledge & Professional Experience
• Project Management
• Business Administration
Quality Software = Functionality + U PASS ME!
Software Craftsmanship
Critical Success Factors
Quality
• Usability
• Performance
• Availability
• Scalability
• Security
• Maintenance
• Extensibility
Information Security Certifications
• Security Governance
• Information Assurance
• Security Technologies
Certification bodies: ISACA, ISC2, EC-Council
Agenda
• What is risk?
• Risk Metalanguage
• Inherent Risk and Residual Risk
• Risk Treatment/Response
• Risk Management Framework
• Governance, Risk, and Compliance
What is Risk?
• ISO
  ❑ The combination of the probability of an event and its consequence. (ISO/IEC71)
  ❑ According to ISO 31000, risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected.
• Dr. Hillson
  ❑ Uncertainty that matters.
  ❑ Uncertainty that could affect objectives.
  ❑ Uncertainties which, if they occur, will have a positive or negative effect on one or more objectives.
http://www.who.int/management/general/risk/WhenRiskNotRisk.pdf
Risk Elements
Cause → Risk → Effect
Risk Metalanguage
Cause → Risk → Effect
• As a result of using novel hardware (cause), unexpected system-integration errors may occur (risk), which would lead to overspending on the project (effect).
• Because our organization has never done a project like this (cause), we might misunderstand the customer's requirements (risk), and our solution would not meet the performance criteria (effect).
https://www.pmi.org/learning/library/project-risks-causes-risks-effects-4663
Inherent Risk and Residual Risk
Inherent Risk → Treatment → Residual Risk
Risk Treatment/Response
Risk Management Framework
Organizational tiers: Board of Directors → Executives (Senior Management) → Management → Employees
• NIST SP 800-39
• COBIT for Risk
• COSO
• ISO 31000
• ISO 27005
The Sarbanes-Oxley Act, SOX
• Arthur Andersen
  ⚫ Enron scandal, 2001
  ⚫ WorldCom scandal, 2002
• Big Four accounting firms
https://en.wikipedia.org/wiki/Big_Four_accounting_firms
COSO
https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf
ISO 31000
http://rmacademy.modulo.com/glossary/iso-31000/
COBIT for Risk
https://blogs.itb.ac.id/el5216/2013/12/06/4/
ISO 27005
https://www.researchgate.net/figure/The-ISO-27005-Risk-Management-workflow_fig1_308887387
NIST SP 800-39
PMI Project Risk Management
https://prozcomblog.com/2016/09/02/an-approach-to-risk-management-in-the-language-industry-part-2-of-5/
Corporate Governance
http://www.20microns.com/corporate-governance/
Corporate Governance
• Board of Directors and Committees
• Strategic Management
• Enterprise Architecture
• Monitoring and Internal Control
• Laws and Regulations
• Risk and Compliance
Strategic Management
https://www.smartinsights.com/goal-setting-evaluation/goals-kpis/difference-marketing-objectives-marketing-goals/
Vision
Goals
Objectives
KPIs and CSFs
Metrics and Measures
Future & Direction
Mission: Purpose and Values
SMART Goals
Strategic Planning
Balanced Score Card
Management by Objectives
GRC: Governance, Risk, and Compliance
• Vision/Goals/Strategy
• Enterprise Architecture
• Threats and Opportunities
• Risk Appetite
• Laws and Regulations
• Due Care/Due Diligence
• Ethics
Enterprise Risk Types
https://www.mindmeister.com/generic_files/get_file/7065118?filetype=image_file&img=18627574&cb=6ceca5
Compliance
• Explicit
  ⚫ Laws
  ⚫ Regulations
  ⚫ Industry Standards
• Implicit
  ⚫ Due Care/Due Diligence
  ⚫ Ethics