Information technology (2 task ) - 24 hours

profileKooliyu
Unit2GovernanceOverview1.ppt
Home>Information Systems homework help>Information technology (2 task ) - 24 hours

Unit 2 - IT Governance Overview

*

IT Governance

  • “Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT” (Weill & Ross – IT Governance, HBS Press, 2004)
  • Types of decisions
  • IT Principles
  • IT Architecture
  • IT Infrastructure Strategies
  • Business Applications Needs
  • IT Investments

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

  • Policy is a set of “organizational guidelines that dictate certain behavior within the organization”
  • A standard is “a detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance”
  • Guidelines are “nonmandatory recommendations the employee may use as a reference in complying with a policy”
  • Procedures are “step-by-step instructions designed to assist employees in following policies, standards, and guidelines”
  • Practices are “examples of actions that illustrate compliance with policies”
  • Policies define what you can do and not do, whereas the other documents focus on the how

Policy, Standards, and Practices

*

© Copyright 2012 – 2013 (ISC)², Inc. All Rights Reserved.

For Personal Use of (ISC)2 Seminar Attendee Only. Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances

Information Security Policy

What are information security policies?

Who develops these policies?

What are the different policies needed?

What is the purpose of these policies?

Stages in Policy Development

  • 1. Identify Need
  • 2. Identify who will take lead responsibility
  • 3. Gather information
  • 4. Draft policy
  • 5. Consult with appropriate stakeholders
  • 6.Finalize/approve policy
  • 7. Consider whether procedures are also required
  • 8. Implement
  • 9. Monitor, review, revise

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

Planning

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

IT Governance Board Membership

  • IT Strategy and Investment Board (SIB)
  • CIO (Chair)
  • Senior-level stakeholders from the Mission Directorates
  • Mission Support Offices (Procurement, Human Capital, etc)
  • Associate Center Directors
  • IT Program Management Board (PMB)
  • Deputy CIO or Designee (Chair)
  • IT Management Board (ITMB) Representative
  • Office of the Chief Engineer Representative
  • Representatives from Mission Directorates (2)
  • Representatives from Centers (2)
  • Division Chief, OCIO Policy and Investment Division (ex officio)

Presentation Title —2— August 18, 2010

  • IT Management Board (ITMB)
  • Associate CIO for Architecture and Infrastructure (Chair)
  • Center CIOs
  • Deputy CIO for IT Security
  • Enterprise Architecture Lead
  • Mission Directorates may provide a representative at their discretion.
  • Management/Business Systems Integration Group (M/B SIG)
  • Associate CIO for Enterprise Portfolio Management
  • Mission Support Representatives
  • Center Representatives
  • Mission Directorate Representatives

Presentation Title —2— August 18, 2010

IT Project Management Lifecycle
(NPR 7120.7)

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

IT Policy Decision Tree

  • During the Planning and Initiation step of the IT policy life cycle process, the need for new or updated guidance may be triggered by various issues such as:
  • Laws, regulations or best practices which require new or updated guidance
  • Implementation of IT services or new technologies that require new or updated policies
  • Risk assessment, audits, and/or reviews of existing policies/guidance that reveal inconsistencies or gaps
  • Operational issues that require clarification of university's position

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

Policy Decision Tree Example

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

Decision Tree Example

Presentation Title —2— August 18, 2010

Presentation Title —2— August 18, 2010

© Copyright 2012 – 2013 (ISC)², Inc. All Rights Reserved.

For Personal Use of (ISC)2 Seminar Attendee Only. Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances

Creation of Policies

Each organization creates policies based upon its needs.

Sometimes policies are reactive based upon a specific event.

The best policies are proactive.

It is important to know where all of the data resides and categorize that data.