Chapter 10: From this chapter, in addition to the previous ones, we continue to enhance our knowledge and understanding of IG best business practices, and how good data governance can ensure that the downstream negative effects of poor data are avoided and that subsequent reports, analyses, and conclusions are based on reliable and trusted data. From the risk management perspective, data governance is a critical activity that supports decision makers and can mean the difference between retaining a customer and losing one. By the same token, protecting your business data is protecting the lifeblood of your business, and improving the quality of the data will improve decision making, foster compliance efforts, and yield competitive advantages; hence business profits would be earned. To provide meaningful support to business owners, the Data Governance Institute has created a data governance framework: a visual model to help guide planning efforts and a logical structure for classifying, organizing, and communicating the complex activities involved in making decisions about and taking action on enterprise data.

Q: With this framework in mind, which allows for a conceptual look at data governance processes, rules, and people requirements, identify and name the 10 levels of the DGI Data Governance framework from the Data Governance Institute.

I have attached the PPT file related to this study, which will help to clarify the idea.
w9_ch10_osaafein.pptx
Unformatted Attachment Preview
ITS 833: INFORMATION GOVERNANCE
Chapter 10
Information Governance and Information Technology Functions
Dr. Oussama Saafein
CHAPTER OBJECTIVES
➢ Identify current trends that are considered weaknesses in IT processes
➢ Describe IG best practices in the area of IT governance
➢ Identify the foundational programs or areas that support the IG efforts in IT
➢ How does data governance differ from IT?
➢ What would be the steps in implementing an effective data governance program?
➢ What is data modeling?
➢ What are the different approaches to data modeling?
➢ What is the goal of IT governance?
➢ Examples of IT governance frameworks
➢ What is the ISACA organization and what is it responsible for?
➢ How did ValIT get created?
➢ Who created the data governance framework? Why?
➢ What is information management? What are its subcomponents?
➢ What is master data management (MDM)?
➢ What is information lifecycle management?
Issues Related to IT and IG
➢ IT has not been held accountable for the output in its custody
IG BEST PRACTICES THAT ASSIST IT IN DELIVERING BUSINESS VALUE
➢ Focus on the business impact instead of the technology itself
➢ Customize the IG approach for the specific business, applying industry-specific best practices where applicable
➢ Tie IG to business objectives
➢ Standardize the use of business terms
Programs That Support IG Effort in IT
➢ Data Governance – Processes and controls that ensure information at the data level is true, accurate, and unique.
✓ Data Cleansing
✓ De-duplication
✓ Information quality
➢ Master Data Management (MDM)
➢ Accepted IT Standards and Best Practices
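The three data-level controls named on this slide (cleansing, de-duplication and information quality) as one small working pipeline. This is an added example, not code from the slides or from the Data Governance Institute; the customer records, the required-field list and the duplicate-matching rule (phone digits first, then e-mail, then name) are constructed assumptions for illustration.

```python
"""Cleanse, de-duplicate and score a small customer dataset.
Added example; the records below are constructed, not from any real system."""
from __future__ import annotations

import re

# Constructed sample: the same customers keyed in by different staff with
# inconsistent formatting, plus records missing a required field.
RAW_RECORDS = [
    {"id": "C001", "name": " Alice Smith ", "email": "Alice.Smith@Example.com", "phone": "(555) 010-0001"},
    {"id": "C002", "name": "alice smith",   "email": "alice.smith@example.com ", "phone": "555-010-0001"},
    {"id": "C003", "name": "Bob Jones",     "email": "bob@example.com",          "phone": "555.010.0002"},
    {"id": "C004", "name": "Bob Jones",     "email": "",                         "phone": "5550100002"},
    {"id": "C005", "name": "Carol White",   "email": "carol@example",            "phone": ""},
]

REQUIRED_FIELDS = ("name", "email", "phone")      # assumed completeness rule
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # deliberately simple validity check


def cleanse(record: dict) -> dict:
    """Normalise one record: collapse whitespace in the name, case-fold the
    e-mail, and keep only digits in the phone number."""
    cleaned = dict(record)
    cleaned["name"] = " ".join(record["name"].split()).title()
    cleaned["email"] = record["email"].strip().lower()
    cleaned["phone"] = re.sub(r"\D", "", record["phone"])
    return cleaned


def match_key(record: dict) -> str:
    """Assumed matching rule for duplicates: a full phone number is the most
    reliably normalised field, so it wins; fall back to e-mail, then name."""
    if len(record["phone"]) >= 10:
        return "phone:" + record["phone"]
    if record["email"]:
        return "email:" + record["email"]
    return "name:" + record["name"].lower()


def deduplicate(records: list[dict]) -> list[dict]:
    """Merge records that share a match key. Survivorship rule: the first
    record seen is kept, and empty required fields are filled from later
    duplicates so that no information is lost in the merge."""
    merged: dict[str, dict] = {}
    order: list[str] = []
    for rec in records:
        key = match_key(rec)
        if key not in merged:
            merged[key] = dict(rec)
            merged[key]["merged_ids"] = [rec["id"]]
            order.append(key)
            continue
        survivor = merged[key]
        survivor["merged_ids"].append(rec["id"])
        for field in REQUIRED_FIELDS:
            if not survivor[field] and rec[field]:
                survivor[field] = rec[field]
    return [merged[k] for k in order]


def quality_report(records: list[dict]) -> dict:
    """Information-quality metrics: share of records with every required field
    populated, and share whose e-mail passes the validity check."""
    total = len(records)
    complete = sum(all(r[f] for f in REQUIRED_FIELDS) for r in records)
    valid_email = sum(bool(EMAIL_RE.match(r["email"])) for r in records)
    return {
        "records": total,
        "completeness": complete / total,
        "email_validity": valid_email / total,
    }


def run_pipeline(raw: list[dict] = RAW_RECORDS):
    """Cleanse, measure, de-duplicate, measure again; returns the golden
    records plus the before/after quality reports."""
    cleaned = [cleanse(r) for r in raw]
    before = quality_report(cleaned)
    golden = deduplicate(cleaned)
    after = quality_report(golden)
    return golden, before, after


if __name__ == "__main__":
    golden, before, after = run_pipeline()
    print("before:", before)
    print("after: ", after)
    for rec in golden:
        print(rec["merged_ids"], rec["name"], rec["email"], rec["phone"])
```

On the constructed input the five raw rows collapse to three golden records, and the two merged pairs show why de-duplication and quality measurement belong together: C004's missing e-mail is filled from C003 during the merge, so completeness rises from 3/5 to 2/3, while Carol's record stays incomplete and her malformed e-mail is still flagged, which is exactly the kind of residual defect a data steward would be asked to resolve.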
Steps To Effective Data Governance
Recruit Strong Executive Sponsor – Not easy to do. Executive management does not want to deal with minutiae.
Assess Current State – Where does data reside? What problems are related to existing data?
Set Ideal State Vision and Strategy – Create a realistic vision, articulate business benefits, articulate measurable impact.
Compute Data Value – Compute how much value good data can add to the business unit.
Assess Risks – Likelihood of potential data breaches? Cost of potential data breaches?
Steps To Effective Data Governance (CONT’D)
Implement "going forward" strategy – Provide a clean starting point.
Assign accountability for Data Quality to the Business Unit, not to IT – Push ownership and responsibility to the business unit that created the data.
Manage the Change – Train and educate as to the why and the benefits.
Monitor the Data Governance Program – Look for oversights and shortfalls, and fine-tune.
Data Governance Institute (DGI) Framework
Information Management
➢ Information Management is a principal function of IT.
➢ IM – application of management techniques to collect information, communicate it within and outside the organization, and process it to enable managers to make quicker and better decisions.
➢ Components of Information Management:
✓ Master Data Management (MDM) – Goal is to ensure reliable, accurate data from a single source is leveraged across business units.
✓ Information Lifecycle Management – Managing information appropriately and optimally at different stages of its useful life.
✓ Data Architecture – Design of structured and unstructured information systems in an effort to optimize data flow.
✓ Data Modeling – Illustrates the relationships between data.
Key Steps From Data Modeling To Integration
Six Approaches To Data Modeling
➢ Conceptual data modeling – diagrams data relationships at the highest level.
➢ Enterprise data modeling – business-oriented approach that includes requirements for the business or business unit.
➢ Logical data modeling – illustrates the specific entities, attributes and relationships involved in the business function.
➢ Physical data modeling – implementation of a logical data model.
➢ Data integration – merges data from two or more sources, processing data and moving it into a database.
➢ Reference data management modeling – refers to data in categories using lookup tables; categorizes data found in a database – often confused with MDM.
Comparisons Of Data Models
IT Governance
➢ Efficiency.
➢ Value Creation.
➢ Method by which stakeholders ensure that investment in IT creates business value.
➢ Focus on software development.
➢ Keep CEO and Board of Directors in the loop.
IT Governance Frameworks
➢ CobiT®
➢ ITIL
➢ CobiT 5
➢ ValIT®
➢ ISO 38500
ISACA
➢ ISACA engages in the development, adoption and use of knowledge and practices for information systems.
➢ Previously known as the Information Systems Audit and Control Association.
➢ Today, ISACA's constituency: IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor.
➢ Offers a number of certifications:
✓ Certified Information Systems Auditor
✓ Certified in Risk and Information Systems Control
✓ Certified Information Security Manager
✓ Certified in the Governance of Enterprise IT
✓ Cybersecurity Nexus – CSX – Certificate and CSX-P Certification
(source: www.isaca.org)
COBIT
➢ Control Objectives for Information and Related Technology.
➢ Is a process-based IT governance framework.
➢ Traditional paradigm:
✓ Plan and Organize.
✓ Acquire and Implement.
✓ Deliver and Support.
✓ Monitor and Evaluate.
➢ IT Governance Institute and ISACA.
➢ Detailed description of processes and tools to measure progress.
➢ Strengths:
✓ Cuts IT risks and gains business value from IT.
✓ Assists in meeting regulatory compliance requirements.
✓ Improved reporting and management.
✓ Improves IT and information asset control.
➢ Maps to ISO 17799 and is compatible with ITIL.
➢ Broken into 3 organizational levels and their responsibilities:
✓ Board of Directors and Executive Management.
✓ IT and Business management.
✓ Line-level governance.
➢ 4 IT domains.
➢ 34 IT processes.
➢ 210 control objectives.
COBIT Framework
IT Governance Frameworks-COBIT 5
➢ Released in 2012 and expands on CobiT 4.1.
➢ Newest version of the business framework for the governance of IT from ISACA.
➢ Integrates other major frameworks, standards and resources that are in frequent use today.
➢ Comprised of 5 key principles for governance and IT management at the enterprise level:
✓ Meeting stakeholder needs
✓ Covers the enterprise end-to-end
✓ Applies a single integrated framework
✓ Enabling a holistic approach
✓ Separates governance from management
➢ Contains 7 categories of enablers:
✓ Principles, policies and frameworks
✓ Processes
✓ Organizational structures
✓ Culture, ethics and behavior
✓ Information
✓ Services, infrastructure and applications
✓ People, skills and competencies
IT GOVERNANCE INSTITUTE
➢ A non-profit, independent research entity that provides guidance on issues related to the governance of IT assets.
➢ Was established by ISACA in 1998 to help ensure that IT delivers value and its risks are mitigated through:
✓ alignment with enterprise objectives,
✓ proper allocation of IT resources, and
✓ measurement of IT performance.
➢ ITGI developed COBIT and Val IT™.
Source: https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Framework-2.0-Extract-Jul-2008.pdf
IT Governance Frameworks VALIT
➢ Value-oriented framework.
➢ Complements CobiT.
➢ Focus on principles and best practices aimed at gaining maximum value from IT investments.
➢ Includes 3 primary processes:
✓ Value governance
✓ Portfolio management
✓ Investment management
➢ When integrated with CobiT 5:
✓ Define relationships between IT and the responsible business functional areas with governance responsibility.
✓ Manage an organization's portfolio of IT-enabled business investments.
✓ Maximize the quality of business cases for IT-enabled investment.
IT Governance Frameworks – ITIL
➢ ITIL was created in the 1980s by the UK government's CCTA (Central Computer and Telecommunications Agency) to ensure better use of IT services and resources.
➢ The ITIL concept emerged in the 1980s, when the British government determined that the level of IT service quality provided to it was not sufficient.
➢ The earliest version of ITIL was originally called GITIM, Government Information Technology Infrastructure Management. This was very different from the current ITIL, but conceptually very similar, focusing on service support and delivery.
➢ Large companies and government agencies in Europe adopted the framework very quickly in the early 1990s. ITIL spread widely and was used in both government and non-government organizations.
➢ In 2000, the CCTA merged into the OGC, Office of Government Commerce, and in the same year Microsoft used ITIL as the basis to develop its proprietary Microsoft Operations Framework (MOF).
➢ In 2001, version 2 of ITIL was released. The Service Support and Service Delivery books were redeveloped into more concise, usable volumes. Over the following few years it became, by far, the most widely used IT service management best-practice approach in the world.
➢ In 2007, version 3 of ITIL was published. This adopted more of a lifecycle approach to service management, with greater emphasis on IT-business integration.
IT Governance Frameworks – ITIL
➢ ITIL – set of process-oriented best practices and guidance originally developed to standardize delivery of IT service management
➢ Applicable to both the public and private sector
➢ Best practices are the foundation for ISO/IEC 20000
➢ Consists of 5 core published volumes that map the IT service lifecycle:
✓ Service Strategy
✓ Service Design
✓ Service Transition
✓ Service Operation
✓ Continual Service Improvement
IT Governance Frameworks – ISO/IEC 20000
➢ ISO/IEC – International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
➢ ISO/IEC 20000 is the first international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011. It is based on, and intended to supersede, the earlier BS 15000 developed by the BSI Group.
IT Governance Frameworks – ISO 38500
➢ ISO/IEC 38500:2008 – International standard for high-level principles and guidance for senior executives and directors on the effective and efficient use of IT
➢ Three main sections:
✓ Scope, Application and Objectives
✓ Framework for Good Corporate Governance of IT
✓ Guidance for Corporate Governance of IT
➢ Derived from the Australian AS 8015 guiding principles
IG Best Practices For Database Security And Compliance
➢ As it relates to IT functions, best practices have developed to prevent leakage of data from databases and from Web services.
➢ Implement a uniform set of policies and practices to assist in compliance and reduce costs.
➢ Proven database security best practices include:
✓ Inventory and document
✓ Assess exposure and weaknesses
✓ Shore up the database
✓ Monitor
✓ Deploy monitoring and auditing tools
✓ Verify privileged access
✓ Protect sensitive data
✓ Deploy masking
✓ Integrate and automate standardized security processes.
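Four of the practices on this slide (inventory and document, protect sensitive data, deploy masking, verify privileged access) carried out against a small database. This is an added example, not code from the slides or from any of the frameworks discussed; it uses an in-memory SQLite database with constructed tables, and the column-name classification patterns, the masking rules, the grant records and the approved-administrator list are all assumptions made for illustration.

```python
"""Inventory columns, classify and mask sensitive ones, and review privileged
grants.  Added example on a constructed SQLite schema."""
from __future__ import annotations

import re
import sqlite3

# Assumed classification rules: column-name patterns that indicate sensitive data.
# A real inventory would also sample values, because names alone miss cases.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"email", re.I),
    "card": re.compile(r"card|\bpan\b", re.I),
    "ssn": re.compile(r"ssn|national_id", re.I),
}

# Constructed grant records, shaped like the rows a privilege-review query returns.
GRANTS = [
    {"grantee": "app_service", "privilege": "SELECT", "object": "customers"},
    {"grantee": "app_service", "privilege": "INSERT", "object": "orders"},
    {"grantee": "dba_jane",    "privilege": "ALL",    "object": "customers"},
    {"grantee": "intern_tmp",  "privilege": "ALL",    "object": "customers"},
    {"grantee": "report_ro",   "privilege": "SELECT", "object": "customers"},
]
PRIVILEGED = {"ALL", "DELETE", "DROP", "ALTER", "GRANT"}  # assumed high-risk rights
APPROVED_ADMINS = {"dba_jane"}                            # assumed approved-admin list


def build_sample_db() -> sqlite3.Connection:
    """Constructed schema with both sensitive and non-sensitive columns."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, card_number TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total_cents INTEGER);
        INSERT INTO customers VALUES (1, 'Alice Smith', 'alice@example.com', '4111111111111111');
        INSERT INTO customers VALUES (2, 'Bob Jones', 'bob@example.com', '5500000000000004');
        INSERT INTO orders VALUES (10, 1, 1999), (11, 2, 4500);
    """)
    return conn


def inventory(conn: sqlite3.Connection) -> dict[str, dict[str, str | None]]:
    """Inventory step: walk the catalogue and tag every column with its
    sensitivity class, or None when no pattern matches."""
    result: dict[str, dict[str, str | None]] = {}
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols: dict[str, str | None] = {}
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
        for _cid, col, *_rest in conn.execute(f'PRAGMA table_info("{table}")'):
            cols[col] = next((k for k, p in SENSITIVE_PATTERNS.items() if p.search(col)), None)
        result[table] = cols
    return result


def mask_value(value: str | None, cls: str | None) -> str | None:
    """Assumed masking rules: first letter of an e-mail local part, last four of
    an identifier. Enough for support staff to recognise a record, no more."""
    if value is None or cls is None:
        return value
    if cls == "email":
        local, _, domain = value.partition("@")
        return local[:1] + "***@" + domain
    return "*" * max(len(value) - 4, 0) + value[-4:]


def create_masked_views(conn: sqlite3.Connection, inv: dict) -> list[str]:
    """Masking step: for each table with sensitive columns, publish a view that
    applies mask_value, so readers get the view rather than the base table."""
    conn.create_function("mask_value", 2, mask_value)
    created = []
    for table, cols in inv.items():
        if not any(cols.values()):
            continue
        select = ", ".join(
            f'mask_value("{c}", \'{cls}\') AS "{c}"' if cls else f'"{c}"' for c, cls in cols.items()
        )
        conn.execute(f'CREATE VIEW "{table}_masked" AS SELECT {select} FROM "{table}"')
        created.append(f"{table}_masked")
    return created


def masked_rows(conn: sqlite3.Connection, view: str) -> list[tuple]:
    return conn.execute(f'SELECT * FROM "{view}"').fetchall()


def review_privileged_access(grants: list[dict], inv: dict, approved=APPROVED_ADMINS) -> list[tuple]:
    """Verification step: flag privileged rights held by principals outside the
    approved list, and read access to tables holding sensitive columns (which
    should go through the masked view or carry a documented justification)."""
    findings = []
    for g in grants:
        touches_sensitive = any(inv.get(g["object"], {}).values())
        if g["privilege"] in PRIVILEGED and g["grantee"] not in approved:
            findings.append(("unapproved_privileged", g["grantee"], g["object"]))
        elif touches_sensitive and g["privilege"] == "SELECT":
            findings.append(("reads_sensitive_table", g["grantee"], g["object"]))
    return findings


if __name__ == "__main__":
    conn = build_sample_db()
    inv = inventory(conn)
    print("inventory:", inv)
    for view in create_masked_views(conn, inv):
        print(view, masked_rows(conn, view))
    for finding in review_privileged_access(GRANTS, inv):
        print("finding:", finding)
```

The inventory drives both later steps: the same classification decides which columns the masked view rewrites and which tables make a plain SELECT grant worth a second look, which is the point of doing "inventory and document" first. On the constructed grants the review returns three findings: an unapproved principal holding ALL on customers, and two read grants on a table with sensitive columns.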