Chapter 10: From this chapter, in addition to the previous ones, we continue to enhance our knowledge and understanding of IG best business practices, and how good data governance can ensure that the downstream negative effects of poor data are avoided and that subsequent reports, analyses, and conclusions are based on reliable, trusted data. From the risk management perspective, data governance is a critical activity that supports decision makers and can mean the difference between retaining a customer and losing one. By the same token, protecting your business data is protecting the lifeblood of your business, and improving the quality of the data will improve decision making, foster compliance efforts, and yield competitive advantages; thence business profits would be earned. To provide meaningful support to business owners, the Data Governance Institute has created a data governance framework, a visual model to help guide planning efforts and a logical structure for classifying, organizing, and communicating complex activities involved in making decisions about and taking action on enterprise data.

Q: With this framework in mind, which allows for a conceptual look at data governance processes, rules, and people requirements, identify and name the 10 levels of the DGI Data Governance framework from the Data Governance Institute.

I have attached the PPT file related to this study, which will help to clear up your idea.
Chapter 10
Information Governance and Information Technology Functions
Dr. Oussama Saafein
➢ Identify current trends that are considered
weaknesses in IT processes
➢ Describe IG best practices in the area of IT
➢ Identify the foundational programs or areas
that support the IG efforts in IT
➢ How does data governance differ from IT?
➢ What would be the steps in implementing an
effective data governance program?
➢ What is data modeling?
➢ What are the different approaches to data
➢ What is the goal of IT governance?
➢ Examples of IT governance frameworks
➢ What is the ISACA organization and what is
it responsible for?
➢ How did ValIT get created?
➢ Who created the data governance
framework? Why?
➢ What is information management? What are
its subcomponents?
➢ What is master data management (MDM)?
➢ What is information lifecycle management?
Issues Related to IT and IG
➢ IT has not been held accountable for the output in its custody

Focus on the business impact instead of the technology itself

Customize IG approach for the specific business, applying industry specific
best practices where applicable

Tie IG to business objectives

Standardize the use of business terms
Programs That Support IG Effort in IT
➢ Data Governance – Processes and controls that ensure information at the data
level is true, accurate, and unique.
✓ Data Cleansing
✓ De-duplication
✓ Information quality
➢ Master Data Management (MDM)
➢ Accepted IT Standards and Best Practices
Steps To Effective Data Governance
Recruit Strong Executive Sponsor – Not easy to do.
Executive management does not want to deal with minutia
Assess Current State – Where does data reside? What
problems are related to existing data
Set ideal state vision and strategy-Create realistic vision,
articulate business benefits, articulate measurable impact
Compute Data Value-compute how much value good data
can add to business unit
Assess Risks-Likelihood of potential data breaches? Cost of
potential data breaches
Steps To Effective Data Governance (CONT’D)
Implement “going forward” strategy – provide a clean
starting point
Assign accountability for Data Quality to Business Unit, not
to IT – Push ownership and responsibility to business unit
that created the data
Manage the Change – Train and Educate as to why and
Monitor Data Governance Program – Look for oversight,
shortfalls and fine-tune
Data Governance Institute (DGI) Framework
Information Management
➢ Information Management is a principal function of IT.
➢ IM-application of management techniques to collect information, communicate it within and outside
the organization and process it to enable managers to make quicker and better decisions.
➢ Components of Information Management:
✓ Master Data Management (MDM)-Goal is to ensure reliable, accurate data from a single source is
leveraged across business units.
✓ Information Lifecycle Management – Managing information appropriately and optimally at different stages
of its useful life.
✓ Data Architecture – Design of structured and unstructured information systems in an effort to optimize
data flow.
✓ Data Modeling-Illustrates the relationship between data.
Key Steps From Data Modeling To Integration
Six Approaches To Data Modeling
➢ Conceptual data modeling – diagrams data relationships at the highest level.
➢ Enterprise data modeling – business oriented approach that includes requirements for the
business or business unit.
➢ Logical data modeling – Illustrates the specific entities, attributes and relationships involved
in the business function.
➢ Physical data modeling – implementation of a logical data model.
➢ Data Integration – merges data from two or more sources, processing data and moving it
into a database.
➢ Reference data management modeling – refers to data in categories using look up tables,
categorizes data found in a database – often confused with MDM.
Comparisons Of Data Models
IT Governance
➢ Efficiency.
➢ Value Creation.
➢ Method by which stakeholders ensure that investment in IT creates business value.
➢ Focus on software development.
➢ Keep CEO and Board of Directors in the loop.
IT Governance Frameworks

CobiT 5
➢ ISACA engages in the development, adoption and use of knowledge and practices for
information systems.
➢ Previously known as the Information Systems Audit and Control Association.
➢ Today, ISACA’s constituency: IS auditor, consultant, educator, IS security professional, regulator,
chief information officer and internal auditor.
➢ Offers a number of certifications in:
✓ Certified Information Systems Auditor
✓ Certified in Risk and Information Systems Control
✓ Certified Information Security Manager
✓ Certified in the Governance of Enterprise IT
✓ Cybersecurity NEXUS – CSX – Certificate and CSX-P Certification
➢ Control Objectives for Information and Related
➢ Is a process based IT Governance Framework.
➢ Traditional Paradigm:

Plan and Organize.
Acquire and Implement.
Deliver and Support.
Monitor and Evaluate.
➢ IT Governance Institute and ISACA.
➢ Detailed description of processes and tools
to measure progress.
➢ Strengths:
➢ Broken into 3 organizational levels and their
✓ Cuts IT risks and gains business value from IT.
✓ Assists in meeting regulatory compliance requirements.
✓ Improved reporting and management.
✓ Improves IT and Information Asset Control.
➢ Maps to the ISO 17799 and compatible with ITIL.
✓ Board of Directors and Executive
✓ IT and Business management.
✓ Line-level governance.
➢ 4 IT Domains.
➢ 34 IT processes.
➢ 210 Control objects.
COBIT Framework
IT Governance Frameworks-COBIT 5
➢ Released in 2012 and expands on CobIT 4.1.
➢ Newest version of the business framework for the
governance of IT from ISACA.
➢ Integrates other major frameworks, standards and
resources that are in frequent use today.
➢ Comprised of 5 key principles for governance and
IT management at the enterprise level:

Contains 7 categories of enablers:

Principles, policies and frameworks


Organizational Structures

Culture, ethics and behavior


Services, infrastructure and applications

People, skills and competencies
✓ Meeting Stockholder needs
✓ Covers Enterprise end-to-end
✓ Applies single integrated framework
✓ Enabling a holistic approach
✓ Separates governance from management
➢ A non-profit, independent research entity that provides guidance on issues
related to the governance of IT assets.
➢ Was established by ISACA in 1998 to help ensure that:
✓ IT delivers value and its risks are mitigated through:
✓ alignment with enterprise objectives,
✓ IT resources are properly allocated, and
✓ IT performance is measured.
➢ ITGI developed COBIT and Val IT™,
IT Governance Frameworks VALIT
➢ Value-oriented framework.
➢ Complements CobiT.
➢ Focus on principles and best practices aimed at gaining maximum value from IT
➢ Includes 3 primary processes:
✓ Value Governance
✓ Portfolio management
✓ Investment management
➢ When integrated with CobiT 5:
✓ Define relationships between IT and the responsible business functional areas with
governance responsibility.
✓ Manage an organization’s portfolio of IT-enabled business investments.
✓ Maximize the quality of business cases for IT-enabled investment.
IT Governance Frameworks – ITIL
➢ ITIL was created in the 1980s by the UK government's CCTA (Central Computer and
Telecommunications Agency) to ensure better use of IT services and resources.
➢ The ITIL concept emerged in the 1980s, when the British government determined that the level of IT
service quality provided to them was not sufficient.
➢ The earliest version of ITIL was actually originally called GITIM, Government Information Technology
Infrastructure Management. Obviously this was very different to the current ITIL, but conceptually very
similar, focusing around service support and delivery.
➢ Large companies and government agencies in Europe adopted the framework very quickly in the early
1990s. ITIL was spreading far and, and was used in both government and non-government
➢ In year 2000, The CCTA merged into the OGC, Office for Government Commerce and in the same year,
Microsoft used ITIL as the basis to develop their proprietary Microsoft Operations Framework (MOF).
➢ In 2001, version 2 of ITIL was released. The Service Support and Service Delivery books were
redeveloped into more concise usable volumes. Over the following few years it became, by far, the most
widely used IT service management best practice approach in the world.
➢ In 2007, version 3 of ITIL was published. This adopted more of a lifecycle approach to service
management, with greater emphasis on IT business integration.
IT Governance Frameworks – ITIL
➢ ITIL – set of process oriented best practices and guidance originally developed to
standardize delivery of IT service management
➢ Applicable for both public and private sector
➢ Best practices are the foundation for ISO/IEC 2000
➢ Consists of 5 core published volumes that map the IT service cycle:
➢ Service Strategy
➢ Service Design
➢ Service Transition
➢ Service Operation
➢ Continual Service Improvement
IT Governance Frameworks – ISO/IEC 2000
➢ ISO/IEC – International Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC).
➢ ISO/IEC 20000 is the first international standard for IT service management. It was
developed in 2005, by ISO/IEC JTC1/SC7 and revised in 2011. It is based on and
intended to supersede the earlier BS 15000 that was developed by BSI Group.
IT Governance Frameworks – ISO 38500
➢ ISO/IEC 38500:2008 – International standard for high level principles and guidance for
senior executives and directors for effective and efficient use of IT
➢ Three main sections:
✓ Scope, Application and Objectives
✓ Framework for Good Corporate Governance of IT
✓ Guidance for Corporate Governance of IT
➢ Derived from the Australian 8015 guiding principles
IG Best Practices For Database Security And Compliance
➢ As it relates to IT functions, best practices have developed to prevent leakage of data
from databases, and from Web services.
➢ Implement a uniform set of policies and practices to assist in compliance and reduce
➢ Proven database security best practices include:
✓ Inventory and document
✓ Assess exposure and weaknesses
✓ Shore up the database
✓ Monitor
✓ Deploy monitoring and auditing tools
✓ Verify privileged access
✓ Protect sensitive data
✓ Deploy masking
✓ Integrate and automate standardized security processes.
