With a 60-hour exam-prep course and roughly 2 weeks or 20 hours of study, I passed the PMI Professional in Business Analysis (PMI-PBA) exam.
The primary materials:
- PMI-PBA Certification ExamPrep Course from Advanced Business Consulting Inc.
- The PMI Guide to Business Analysis
- Business Analysis for Practitioners: A Practice Guide
- PMBOK Guide – Sixth Edition
- RMC PMI-PBA Exam Prep: Premier Edition
- Pluralsight PBA Courses
And the following materials relevant to strategy execution:
- Organizational Project Management Maturity Model (OPM3)
- The Standard for Portfolio Management
- The Standard for Program Management
The six steps that comprise the RMF (the NIST Risk Management Framework) are:
- System Categorization
- Security Control Selection
- Security Control Implementation
- Security Control Assessment
- System Authorization
- Security Control Monitoring
IT security governance is the system by which an organization directs and controls IT security (adapted from ISO 38500).
IT security governance should not be confused with IT security management. IT security management is concerned with making decisions to mitigate risks; governance determines who is authorized to make decisions.
Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations.
NIST describes IT governance as the process of establishing and maintaining a framework that:
- provides assurance that information security strategies are aligned with and support business objectives (alignment);
- keeps those strategies consistent with applicable laws and regulations through adherence to policies and internal controls (compliance); and
- assigns responsibility (accountability), all in an effort to manage risk.
Enterprise security governance results from the duty of care owed by leadership towards fiduciary requirements. This position is based on judicial rationale and reasonable standards of care. The five general governance areas are:
- Govern the operations of the organization and protect its critical assets
- Protect the organization’s market share and stock price (perhaps not appropriate for education)
- Govern the conduct of employees (educational AUP and other policies that may apply to use of technology resources, data handling, etc.)
- Protect the reputation of the organization
- Ensure compliance requirements are met
“Governing for enterprise security means viewing adequate security as a non-negotiable requirement of being in business.”
Governance is doing the right thing, while management is doing things right.
The purpose of physical security is to protect against physical threats. The following physical threats are among the most common:
- fire and smoke, water (rising/falling)
- earth movement (earthquakes, landslides, volcanoes)
- storms (wind, lightning, rain, snow, sleet, ice)
- sabotage/vandalism
- building collapse
- toxic materials
- utility loss (power, heating, cooling, air, water)
- equipment failure
- personnel loss (strikes, illness, access, transport)