Discussion Information Governance

 

Let’s assume your organization has both an fully functioning IT department and now starting an ad hoc Information Governance department. Which department would be responsible for managing the Data Modeling Integration process? Which group would manage all the changes? Which IT Governance Framework would be applicable to both departments when managingin and executing this process?  Explain your reasoning. Provide real life examples from your current organization to support your content. 

CHAPTER

10

INFORMATION GOVERNANCE

Information Governance and Information

Technology Functions
ITS

8

3

3

Dr. Mia Simmons

Chapter Overview

■ This chapter will cover pages

18

9

–

2

0

6

in

your book.

■ This chapter discusses how Information

Technology (IT) aligns directly with the

success of Information Governance.

2

What is Information Technology?

■ Information technology (IT) is a core function impacted by

information governance (IG) efforts.

– The IT side, shared responsibility for IG means the IT

department itself must take a closer look at IT processes

and activities with an eye to IG.

– A focus on improving IT efficiency, software development

processes, and data quality will help contribute to the

overall IG program effort

3

CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:

1. Don’t focus on technology, focus on business impact

■ IT needs to become more business savvy, more businesslike, more

focused on delivering business benefits that can help the organization

to meet its business goals and achieve its business objectives.

2. Customize your IG approach for your specific business, folding in

any industry-specific best practices possible.

■ there are components that are common to all industries, but tailoring

your approach to your organization is the only way to deliver real

business value and results

3. Make the business case for IG by tying it to business objectives

■ The business case must be presented in order to gain executive

sponsorship, which is an essential component of any IG effort.

4

. Standardize use of business terms

■ IG requires a cross-functional effort, so you must be speaking the

same language, which means the business terms you use in your

organization must be standardize

4

Data
Governance

■ Data is big, data is growing, data is
valuable, and the insights that can be
gained by analyzing clean, reliable data
with the latest analytic tools are a sort of
new currency.

■ focuses on information quality from the
ground up (at the lowest or root level), so
that subsequent reports, analyses and
conclusions are based on clean, reliable,
trusted data (or records) in database
tables

■ Data governance is a newer, hybrid
quality control discipline that includes
elements of data quality, data
management, IG policy development,
business process improvement, and
compliance and risk management.

■ Data governance with real-time analytics
and business intelligence (BI) software
not only can yield insights into significant
and emerging trends but also can provide
solid information for decision makers to
use in times of crisis—or opportunity.

5

Steps to Governing Data
Effectively

1. Recruit a strong executive sponsor.

2. Assess your current state

3. Set the ideal state vision and strategy.

4. Compute the value of your data.

5. Asses Risk

6. Implement a going-forward strategy

7

. Assign accountability for data quality to

business units, not IT.

8. Manage the change

9. Monitor your data governance program.

6

Data Governance Framework

7

Data Governance Framework

■ Data Governance Framework a visual model to help guide

planning efforts and a “logical structure for classifying,

organizing, and communicating complex activities involved in

making decisions about and taking action on enterprise

data.”

8

Information Management

■ Principal function of Information Technology

■ Subcomponent tasks used to collect and process data:

1. Master data management (MDM) is a key process for IG

success in the IT department, which extends to involved

business units

2. Information lifecycle management (ILM) is managing

information appropriately t and optimally at different stages

of its useful life, from creation through distribution and use,

including meeting legal and regulatory requirements, and

through its final disposition, which can be destruction,

archiving, or transfer to another entity

3. Data architecture refers to the “design of structured and

unstructured information systems”

17

in an effort to

optimize data flow between applications and systems so that

they are able to process data efficiently.

4. Data modeling can be complex, yet it is an important step in

overall IG for g the IT department. It “illustrates the

relationships between data

9

Data Modeling to Integration
■ A user interface is constructed for the application, followed by movement

of data or e-documents through work steps using workflow capabilities,

and then integration with existing applications. Accomplished through an

application programming interface, a sort of connector that allows

interaction with other applications and databases.

10

Data Modeling Integration cont…
■ 6 approaches to data modeling:

1. Conceptual. The conceptual approach merely diagrams data
relationships at the “highest level” 20 showing the storage,
warehousing, and movement of data between applications.

2. Enterprise. The enterprise approach is a more business-oriented
version of conceptual data modeling that includes specific
requirements for an enterprise or business unit.

3. Logical. Pertinent to the design and architecture of physical storage,
logical data modeling “illustrates the specific entities, attributes and
relationships involved in a business function.”

4. Physical. The physical approach depicts the “implementation of a
logical data model” relative to a specific application and database
system.

5. Data integration. This approach is just what it says; it involves
merging data from two or more sources, processing the data, and
moving it into a database. “This category includes Extract,
Transform, and Load (ETL) capabilities.”

6. Reference data management. This approach often is confused with
MDM, although they do have interdependencies.

11

IT Governance

■ IT governance is the primary way that stakeholders can ensure that

investments in IT create business value and contribute toward meeting

business objective.

12

IT Governance Frameworks

■ Implementing an IT Governance Program

– Must align with business objectives and incorporate IT strategies

■ CobiT (Control Objectives for Information and related Technology) is a process
based IT governance framework that represents a consensus of experts
worldwide

– IT Control offers:

■ Cut IT risks while gaining business value from IT under an umbrella
of a globally accepted framework.

■ Assist in meeting regulatory compliance requirements.

■ Utilize a structured approach for improved reporting and
management decision making.

■ Provide solutions to control assessments and project
implementations to improve IT and information asset control.

13

IT Governance Frameworks

■ COBIT 5 released in 2012

■ “CobiT 5 is based on five key principles for governance and

management of enterprise IT:

– Principle 1: Meeting Stakeholder Needs

– Principle 2: Covering the Enterprise End-to- End

– Principle 3: Applying a Single, Integrated Framework

– Principle 4: Enabling a Holistic Approach

– Principle 5: Separating Governance From Management

14

IT Governance Frameworks

■ COBIT 5 describes 7 enablers:

1. Principles, policies and frameworks are the vehicle to translate the desired
behavior into practical guidance for day-to-day management.

2. Processes describe an organized set of practices and activities to achieve
certain objectives and produce a set of outputs in support of achieving overall
IT-related goals.

3. Organizational structures are the key decision-making entities in an
enterprise.

4. Culture, ethics and behavior of individuals and of the enterprise are very
often r underestimated as a success factor in governance and management
activities.

5. Information is required for keeping the organization running and well
governed, but at the operational level, information is very often the key
product of the enterprise itself.

6. Services, infrastructure and applications include the infrastructure,
technology and applications that provide the enterprise with information
technology processing and services.

7. People, skills and competencies are required for successful completion of all
activities, and for making correct decisions and taking corrective action

15

IT Governance Frameworks

■ ValIT (Value-oriented) – principles and best practices focus is on leveraging IT

investments to gain maximum value.

■ ITIL is a set of process-oriented best practices and guidance originally

developed in the United Kingdom to standardize delivery of IT service

management. ITIL is applicable to both the private and public sectors and is

the “most widely accepted approach to IT service management in the world.

■ ISO/IEC 38500:2008 is an international standard that provides high-level

principles and guidance for senior executives and directors, and those

advising them, for the effective and efficient use of IT

16

IG Best
Practices

for
Database
Security

and
Compliance

■ Database Security Best Practices:

– Inventory and document

– Assess exposure/weaknesses.

– Shore up the database

– Monitor. On a regular basis,

monitor and document any

configure

– Deploy monitoring/auditing

tools

– Verify privileged access

– Protect sensitive data

– Deploy masking

– Integrate and automate

standardized security processes

17

Chapter Summary
■ Focusing on business impact and customizing your IG approach to meet

business objectives are key best practices for IG in the IT department.

■ Effective data governance can yield bottom-line benefits derived from
new insights.

■ Good data governance ensures that downstream negative effects of
poor data are avoided and that subsequent reports, analyses, and
conclusions are based on reliable, trusted data.

■ Master data management is a key IG process in IT.

■ IT governance seeks to align business objectives with IT strategy to
deliver business value.

■ ValIT is a framework that focuses on delivering IT vale. It is folded into
CobiT 5.

■ ITIL is the “most widely accepted approach to IT service management in
the world.”

■ Identifying sensitive information in your databases and implementing
database security best practices help reduce organizational risk and the
cost of compliance

18

Information Governance

Chapter 10

Complete Week 9 Objectives