Yesterday afternoon, WHY and I worked out a holistic enterprise internal control framework. We named it the 12345678! Pyramid Framework. It helps integrate enterprise execution, IT control, and security control methodologies and countermeasures.
- One Priority: Execution
- Two Hands: Technology and Management
- Three Layers: Decision Makers, Managers, and Execution
- Four Phases: Plan, Do, Check, Act
- Five Layer Controls: Control Environment, Risk Assessment, Control Activities, Information and Communications, Monitoring
- Six Risk Elements: Assets, Threats, Vulnerabilities, Safeguards, Risks and Opportunities
- Seven Information Criteria: Confidentiality, Integrity, Availability, Efficiency, Effectiveness, Compliance, Reliability
- Eight IT Processes: Planning and Organization, Acquisition & Implementation, Delivery and Support, Monitoring and Evaluation
Do you like it? We know there is still much room left before it is perfect. But it helps guide your thinking when you prepare proposals or do planning. Its original form is in Chinese. Click here for more.
If you find it helpful or have any suggestions, just leave me a comment.