
Compiled by: Mark E.S. Bernard, CISSP, CISM, SABSA-F2, CISA, CRISC, CGEIT, ISO 27001 Lead Auditor
*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Skype: Mark_E_S_Bernard; LinkedIn: http://www.linkedin.com/in/markesbernard. Mark E.S. Bernard - Information Security/Privacy, GRC Management Consultant; CRISC, CGEIT, CISA, CISM, CISSP, PM, ISO 27001LA, CNA, SABSA-Security Service Management/Architecture, COBiT, ITIL

Mark has 24 years of proven experience within the domain of Information Security, Privacy, Governance and Compliance. Mark has led teams of 30 or more as a Director and Project Manager and managed budgets of $5 Million +. Mark has also provided oversight to 250 contractors and 230 regular full-time employees as a senior manager during a government outsourcing contract valued at $300 million. Mark's skills and experience as a Systems Engineer, Software Engineer and Network Engineer have given him the ability to lead small and large contracts for specialized services, including ERP systems such as Oracle, SAP, JD Edwards, BPCS and JBA, and red team penetration testing. Mark also led his work-stream during a Negotiated RFP process, followed by the on-boarding and knowledge transfer from the exiting Service Provider for a $25 Million Dollar Contract. Mark designed information security and privacy architecture and, as program manager, established information security management systems based on ISO 27001. Mark also led the reengineering of IT processes based on Service Management ITIL/ISO 20000, building in Quality Management ISO 9001 and establishing a Knowledge Management framework.

Accomplishments:
In 2013 Assisted Provincial Government with Privacy Impact Assessment of External Parties
In 2013 Assisted Aviation organization with ISO/IEC 27001 Registration/Certification
In 2013 Facilitated ISO Lead Auditor Training for International Manufacturing and Services Corporation
In 2013 Assisted Major Bank with Risk Assessment of New Services and Products
In 2012 Assisted National Legal Firm with ISO/IEC 27001 Reg./Certification
In 2012 Assisted Executive Relocation Organization to ISO/IEC 27001 Reg./Certification
In 2012 Assisted Cloud Service Provider of SaaS to achieve ISO/IEC 27001 Reg./Certification
In 2012 Assisted Global Electronic Solutions Provider ISO/IEC 27001 Reg./Certification
In 2012 Assisted Nano Technology Manufacturer with ISO/IEC 27001 Reg./Certification
In 2010/11 Led Cloud Service Provider of PaaS and IaaS in 8 DCs & 4 Continents to ISO 27001 Reg./Cert
In 2009 Led Provincial Government to become 1st Canadian Public Sector ISO 27001 Reg./Certification
In 2009 Led Provincial Government On-boarding Project for Oracle ERP Integrated Service Provider
In 2009 Led Technology and Operations during Negotiated Request for Proposal on behalf of Prov. Gov.
In 2007 Led Major Credit Union Trade & Wholesale Service to achieve ISO/IEC 27001 Reg./Certification
In 2006 Led Privacy, Security, and Compliance Office during BC Government outsourcing to Alternate Service Delivery during migration to SAP R3 - ERP


Enterprise Security Architecture was created following the natural order in which organizations are structured.


Organizational Governance is a crucial requirement of any organizational design. It provides the leadership necessary to guide the Enterprise to achieve its strategic goals and investor expectations. This guidance comes from the Board of Directors and Executive Team.


Risk Management is the linchpin of good Governance and organizational design. The Board of Directors and Executive Team utilize Risk Management to make decisions based on pros and cons and on the potential impacts due to the realization of Strategic Risks, Financial Risks, Compliance Risks and Operational Risks. Risk is not associated only with negative impacts; taking advantage of risk can lead to positive Business Benefits.

The Enterprise Security Management System is a crucial integration point, providing assurance and internal advisory services on behalf of senior business leaders to help ensure that the enterprise design and architecture of business processes and infrastructure do not contravene Risk Management goals. The ESMS encompasses physical security, information in all formats, and health and safety.

Enterprise Architecture is based on Business Requirements and the information needed to satisfy strategic organizational goals. These strategic goals can only be satisfied if the information and knowledge are available, maintain their security according to sensitivity, and leverage the most accurate data for Risk Management decisions by business leaders.

Enterprise Architecture is based on Business Architecture supported by the information required to facilitate business. In many cases business systems are leveraged to manage the volume of data input into the business architecture. These business systems also help to improve the security and integrity of the information and data required to deliver services to customers and make management decisions.

Enterprise Architecture is based on Business Architecture, which drives the requirements for the infrastructure delivering information, data quality and availability. The sensitivity of the information required to achieve Enterprise goals helps to establish the requirements for physical security, environmental security and the security of employees, also known as health and safety.

The requirements for Enterprise Architecture and Business Architecture drive the requirements for Human Resources. The skills, experience and general knowledge of management and regular staff help move the organization towards its strategic goals.

The requirements for Enterprise Architecture and Business Architecture drive the requirements for Procurement and Contract Management of external expertise, software, hardware and telecommunications. Once acquired, ongoing maintenance of licenses and facilitation of Service Management will be required. Mergers and Acquisitions also fall under Procurement, so the requirements for confidentiality, integrity and availability become a seamless part of the organization's products and services.

The requirements for Enterprise Architecture and Business Architecture drive the requirements for Business Continuity and Disaster Recovery. These requirements must bring value to the organization by helping to facilitate service delivery and product development and/or enhance the organization's reputation.
The organization's mission, strategic goals and business benefits must be realized. Risk Management and Enterprise Security play a crucial role in effective, efficient BC and DR.

Service Management and Operations facilitate the mitigation of risk to strategic goals, financial planning and compliance management. This is accomplished through the consistent execution of mature processes and continuous improvement. These Standard Operating Procedures (SOP) include control points for Quality Management and Risk Management, such as management approval and reconciliation or segregation of duties. These control points are normally selected in response to a risk assessment or audit finding. Security standards help establish the criteria that will be followed during the execution of an SOP.

Service Management comprises 11 unique processes that have been fully integrated with each other. The Service Desk is the central hub for communications and service management within the organization and with external partners, investors and customers.
Operations and Service Management help the organization achieve its strategic goals as directed by Management and advised by the Enterprise Security Team and Business Architecture group.

The Service Management Team provides the boots-on-the-ground operations employees who maintain the Digital Service Delivery and Product Life Cycle Channels.
The Service Management Team ensures that the Service Oriented Architecture is maintained. This includes ensuring that the software, hardware and telecommunication services are fully operational within the agreed terms for business hours, in support of the Business Architecture requirements and the Enterprise Security requirements for the confidentiality of information, the integrity of information and data, and the availability of information.

The systems that employees and customers rely upon are prone to vulnerabilities that could be exploited by a motivated threat. The ESMS provides assurance that these risks have been mitigated by working with managers and subject matter experts to identify, risk assess, prioritize and remediate as required. The server stack and the OSI or TCP/IP stack are two examples of where cracks can form, resulting in exposure to threats.

The achievement of organizational strategic goals and objectives is contingent upon maintaining a safe environment for employees.


The Enterprise Security Management System provides a single point of contact and leadership for Enterprise Security based on strategic organizational goals and objectives. The ESMS brings together physical security with information security in support of Business Architecture guided by organizational Governance and Risk Management.


ESMS Examples: Subjects of Interest
Access Control
Active Shooter
Asset Protection and Management
Background Screening/Due Diligence
Bomb Threats
CCTV
Compliance Management
Corruption/Ethics
Crime Prevention
Cryptography
Data/Information Security
Data Privacy
Disaster/Crisis Management
Environmental
Executive Protection/Personnel Security
Facilities (General)
Health and Safety
Incident Management
Investigations
Mail Security
Pandemics
Physical Security (General)
Quality Management
Risk Management
Risk/Vulnerability Assessment and Site Surveys
Security Personnel/Duties
Security Planning and Management
Sexual Harassment/Discrimination
Social Media
Social Engineering
Supply Chain
Strikes/Demonstrations/Unrest
Substance Abuse
Telecommunications
Travel
Utilities
Vehicles and Vehicle Operation
Visitors
Water
Workplace Violence

ESMS Examples: Applicable Industries
Agriculture
Aviation
Banking
Chemical
Cities
Distribution Centers
Educational Institutions
Energy Industry
Factories
FDIC
Government
Healthcare
Industrial Sites
Insurance
Manufacturing
Mass Transit
Media
Oil and gas/Energy
Seaports
Stadiums and Arenas
Technology
Telecommunications
Theme Parks
Universities


The Enterprise Security Management System is a valuable program that can be seamlessly integrated within every business process to help support and facilitate organizational strategic goals. Enterprise Security Architecture helps to visualize and disseminate the integration of business processes, including the overarching influence of governance and risk management within the organization on the confidentiality of information, the integrity of business processes and data, and the availability of people and information to achieve strategic organizational goals.

If you need help with your Enterprise Security Management System adoption or integration project please contact me, thanks.


For more information contact: Skype: Mark_E_S_Bernard; Twitter: @MESB_TechSecure; LinkedIn: http://ca.linkedin.com/in/markesbernard