This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
dido:public:ra:1.4_req:00_aboutreq:03_combreqmdl [2021/03/17 11:10] nick |
dido:public:ra:1.4_req:00_aboutreq:03_combreqmdl [2021/08/17 12:25] (current) murphy |
||
---|---|---|---|
Line 2: | Line 2: | ||
[[dido:public:ra:1.4_req:00_aboutreq | Return to About Requirements]] | [[dido:public:ra:1.4_req:00_aboutreq | Return to About Requirements]] | ||
- | In order to be effective, it is best to combine the Governance and the cognitive models together. The results look something like Figure {{ref>combReq}}. Each cell in the overlaid models represents a single ROle or area of consistent governance providing some context for the requirements. For example, at the **Data**x**Regulation** cell, there is specific data that is required to be collected according to the regulations. For example, there is a regulation that requires a bank to collect taxpayer IDs for each account. During the **Execution** aspect (i.e., the Bank's [[dido:public:ra:1.3_gov:1_legaldocs:3_pp | Policies and Procedures(P&P)]]) the taxpayer ID is collected, the specific bank actually collects and records the taxpayer ID. During the **Compliance** aspect, there is a requirement to verify that each Bank actually has a taxpayer id with each account. This consistency in governance can be repeated for each row (i.e., Wisdom, Understanding, Knowledge, Information and Data) and for each column (i.e., Regulation, Execution and Compliance). | + | In order to be effective, it is best to combine the Governance and the cognitive models together. The results look something like Figure {{ref>combReq}}. Each cell in the overlaid models represents a single Role or area of consistent governance providing some context for the [[dido:public:ra:xapend:xapend.a_glossary:r:requirement|requirements]]. For example, at the **Data** x **Regulation** cell, there is specific data that is required to be collected according to the regulations. There is a regulation that requires a bank to collect taxpayer IDs for each account. During the **Execution** aspect (i.e., the Bank's [[dido:public:ra:1.3_gov:1_legaldocs:3_pp | Policies and Procedures(P&P)]]) the taxpayer ID is collected, the specific bank actually collects and records the taxpayer ID. During the **Compliance** aspect, there is a requirement to verify that each Bank actually has a taxpayer id with each account. This consistency in governance can be repeated for each row (i.e., Wisdom, Understanding, Knowledge, Information and Data) and for each column (i.e., Regulation, Execution and Compliance). |
If any of the Roles (i.e., cells have no requirements, the governance is incongruent and can lead to a potential flaw or hole in the governance which is vulnerable to exploitation. | If any of the Roles (i.e., cells have no requirements, the governance is incongruent and can lead to a potential flaw or hole in the governance which is vulnerable to exploitation. |