CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
- 1. CHAPTER 10 INFORMATION GOVERNANCE Information Governance and Information Technology Functions ITS 833 Dr. Mia Simmons Chapter Overview ■ This chapter will cover pages 189-206 in your book. ■ This chapter discusses how Information Technology (IT) aligns directly with the success of Information Governance. 2 What is Information Technology? ■ Information technology (IT) is a core function impacted by
- 2. information governance (IG) efforts. – The IT side, shared responsibility for IG means the IT department itself must take a closer look at IT processes and activities with an eye to IG. – A focus on improving IT efficiency, software development processes, and data quality will help contribute to the overall IG program effort 3 CIO & IT Leaders Key Focus Areas ■ Four IG areas for successful delivery of IG efforts: 1. Don’t focus on technology, focus on business impact ■ IT needs to become more business savvy, more businesslike, more focused on delivering business benefits that can help the organization to meet its business goals and achieve its business objectives. 2. Customize your IG approach for your specific business, folding in any industry-specific best practices possible.
- 3. ■ there are components that are common to all industries, but tailoring your approach to your organization is the only way to deliver real business value and results 3. Make the business case for IG by tying it to business objectives ■ The business case must be presented in order to gain executive sponsorship, which is an essential component of any IG effort. 4. Standardize use of business terms ■ IG requires a cross-functional effort, so you must be speaking the same language, which means the business terms you use in your organization must be standardize 4 Data Governance ■ Data is big, data is growing, data is valuable, and the insights that can be gained by analyzing clean, reliable data with the latest analytic tools are a sort of
- 4. new currency. ■ focuses on information quality from the ground up (at the lowest or root level), so that subsequent reports, analyses and conclusions are based on clean, reliable, trusted data (or records) in database tables ■ Data governance is a newer, hybrid quality control discipline that includes elements of data quality, data management, IG policy development, business process improvement, and compliance and risk management. ■ Data governance with real-time analytics and business intelligence (BI) software not only can yield insights into significant and emerging trends but also can provide solid information for decision makers to use in times of crisis—or opportunity. 5 Steps to Governing Data Effectively 1. Recruit a strong executive sponsor. 2. Assess your current state 3. Set the ideal state vision and strategy.
- 5. 4. Compute the value of your data. 5. Asses Risk 6. Implement a going-forward strategy 7. Assign accountability for data quality to business units, not IT. 8. Manage the change 9. Monitor your data governance program. 6 Data Governance Framework 7 Data Governance Framework ■ Data Governance Framework a visual model to help guide planning efforts and a “logical structure for classifying, organizing, and communicating complex activities involved in making decisions about and taking action on enterprise data.”
- 6. 8 Information Management ■ Principal function of Information Technology ■ Subcomponent tasks used to collect and process data: 1. Master data management (MDM) is a key process for IG success in the IT department, which extends to involved business units 2. Information lifecycle management (ILM) is managing information appropriately t and optimally at different stages of its useful life, from creation through distribution and use, including meeting legal and regulatory requirements, and through its final disposition, which can be destruction, archiving, or transfer to another entity 3. Data architecture refers to the “design of structured and unstructured information systems” 17 in an effort to optimize data flow between applications and systems so that they are able to process data efficiently.
- 7. 4. Data modeling can be complex, yet it is an important step in overall IG for g the IT department. It “illustrates the relationships between data 9 Data Modeling to Integration ■ A user interface is constructed for the application, followed by movement of data or e-documents through work steps using workflow capabilities, and then integration with existing applications. Accomplished through an application programming interface, a sort of connector that allows interaction with other applications and databases. 10 Data Modeling Integration cont… ■ 6 approaches to data modeling: 1. Conceptual. The conceptual approach merely diagrams data relationships at the “highest level” 20 showing the storage, warehousing, and movement of data between applications.
- 8. 2. Enterprise. The enterprise approach is a more business- oriented version of conceptual data modeling that includes specific requirements for an enterprise or business unit. 3. Logical. Pertinent to the design and architecture of physical storage, logical data modeling “illustrates the specific entities, attributes and relationships involved in a business function.” 4. Physical. The physical approach depicts the “implementation of a logical data model” relative to a specific application and database system. 5. Data integration. This approach is just what it says; it involves merging data from two or more sources, processing the data, and moving it into a database. “This category includes Extract, Transform, and Load (ETL) capabilities.” 6. Reference data management. This approach often is confused with MDM, although they do have interdependencies. 11 IT Governance ■ IT governance is the primary way that stakeholders can ensure that
- 9. investments in IT create business value and contribute toward meeting business objective. 12 IT Governance Frameworks ■ Implementing an IT Governance Program – Must align with business objectives and incorporate IT strategies ■ CobiT (Control Objectives for Information and related Technology) is a process based IT governance framework that represents a consensus of experts worldwide – IT Control offers: ■ Cut IT risks while gaining business value from IT under an umbrella of a globally accepted framework. ■ Assist in meeting regulatory compliance requirements. ■ Utilize a structured approach for improved reporting and management decision making. ■ Provide solutions to control assessments and project implementations to improve IT and information asset control.
- 10. 13 IT Governance Frameworks ■ COBIT 5 released in 2012 ■ “CobiT 5 is based on five key principles for governance and management of enterprise IT: – Principle 1: Meeting Stakeholder Needs – Principle 2: Covering the Enterprise End-to- End – Principle 3: Applying a Single, Integrated Framework – Principle 4: Enabling a Holistic Approach – Principle 5: Separating Governance From Management 14 IT Governance Frameworks ■ COBIT 5 describes 7 enablers: 1. Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management. 2. Processes describe an organized set of practices and activities
- 11. to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals. 3. Organizational structures are the key decision-making entities in an enterprise. 4. Culture, ethics and behavior of individuals and of the enterprise are very often r underestimated as a success factor in governance and management activities. 5. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself. 6. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services. 7. People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective action 15
- 12. IT Governance Frameworks ■ ValIT (Value-oriented) - principles and best practices focus is on leveraging IT investments to gain maximum value. ■ ITIL is a set of process-oriented best practices and guidance originally developed in the United Kingdom to standardize delivery of IT service management. ITIL is applicable to both the private and public sectors and is the “most widely accepted approach to IT service management in the world. ■ ISO/IEC 38500:2008 is an international standard that provides high-level principles and guidance for senior executives and directors, and those advising them, for the effective and efficient use of IT 16 IG Best Practices for Database
- 13. Security and Compliance ■ Database Security Best Practices: – Inventory and document – Assess exposure/weaknesses. – Shore up the database – Monitor. On a regular basis, monitor and document any configure – Deploy monitoring/auditing tools – Verify privileged access – Protect sensitive data – Deploy masking – Integrate and automate standardized security processes 17
- 14. Chapter Summary ■ Focusing on business impact and customizing your IG approach to meet business objectives are key best practices for IG in the IT department. ■ Effective data governance can yield bottom-line benefits derived from new insights. ■ Good data governance ensures that downstream negative effects of poor data are avoided and that subsequent reports, analyses, and conclusions are based on reliable, trusted data. ■ Master data management is a key IG process in IT. ■ IT governance seeks to align business objectives with IT strategy to deliver business value. ■ ValIT is a framework that focuses on delivering IT vale. It is folded into CobiT 5. ■ ITIL is the “most widely accepted approach to IT service management in the world.” ■ Identifying sensitive information in your databases and implementing database security best practices help reduce organizational risk and the cost of compliance
- 15. 18 Information Governance Chapter 10 Complete Week 9 Objectives