Discussion Information Governance
Let’s assume your organization has both an fully functioning IT department and now starting an ad hoc Information Governance department. Which department would be responsible for managing the Data Modeling Integration process? Which group would manage all the changes? Which IT Governance Framework would be applicable to both departments when managingin and executing this process? Explain your reasoning. Provide real life examples from your current organization to support your content.
CHAPTER
10
INFORMATION GOVERNANCE
Information Governance and Information
Technology Functions
ITS
8
3
3
Dr. Mia Simmons
Chapter Overview
■ This chapter will cover pages
18
9
–
2
0
6
in
your book.
■ This chapter discusses how Information
Technology (IT) aligns directly with the
success of Information Governance.
2
What is Information Technology?
■ Information technology (IT) is a core function impacted by
information governance (IG) efforts.
– The IT side, shared responsibility for IG means the IT
department itself must take a closer look at IT processes
and activities with an eye to IG.
– A focus on improving IT efficiency, software development
processes, and data quality will help contribute to the
overall IG program effort
3
CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:
1. Don’t focus on technology, focus on business impact
■ IT needs to become more business savvy, more businesslike, more
focused on delivering business benefits that can help the organization
to meet its business goals and achieve its business objectives.
2. Customize your IG approach for your specific business, folding in
any industry-specific best practices possible.
■ there are components that are common to all industries, but tailoring
your approach to your organization is the only way to deliver real
business value and results
3. Make the business case for IG by tying it to business objectives
■ The business case must be presented in order to gain executive
sponsorship, which is an essential component of any IG effort.
4
. Standardize use of business terms
■ IG requires a cross-functional effort, so you must be speaking the
same language, which means the business terms you use in your
organization must be standardize
4
Data
Governance
■ Data is big, data is growing, data is
valuable, and the insights that can be
gained by analyzing clean, reliable data
with the latest analytic tools are a sort of
new currency.
■ focuses on information quality from the
ground up (at the lowest or root level), so
that subsequent reports, analyses and
conclusions are based on clean, reliable,
trusted data (or records) in database
tables
■ Data governance is a newer, hybrid
quality control discipline that includes
elements of data quality, data
management, IG policy development,
business process improvement, and
compliance and risk management.
■ Data governance with real-time analytics
and business intelligence (BI) software
not only can yield insights into significant
and emerging trends but also can provide
solid information for decision makers to
use in times of crisis—or opportunity.
5
Steps to Governing Data
Effectively
1. Recruit a strong executive sponsor.
2. Assess your current state
3. Set the ideal state vision and strategy.
4. Compute the value of your data.
5. Asses Risk
6. Implement a going-forward strategy
7
. Assign accountability for data quality to
business units, not IT.
8. Manage the change
9. Monitor your data governance program.
6
Data Governance Framework
7
Data Governance Framework
■ Data Governance Framework a visual model to help guide
planning efforts and a “logical structure for classifying,
organizing, and communicating complex activities involved in
making decisions about and taking action on enterprise
data.”
8
Information Management
■ Principal function of Information Technology
■ Subcomponent tasks used to collect and process data:
1. Master data management (MDM) is a key process for IG
success in the IT department, which extends to involved
business units
2. Information lifecycle management (ILM) is managing
information appropriately t and optimally at different stages
of its useful life, from creation through distribution and use,
including meeting legal and regulatory requirements, and
through its final disposition, which can be destruction,
archiving, or transfer to another entity
3. Data architecture refers to the “design of structured and
unstructured information systems”
17
in an effort to
optimize data flow between applications and systems so that
they are able to process data efficiently.
4. Data modeling can be complex, yet it is an important step in
overall IG for g the IT department. It “illustrates the
relationships between data
9
Data Modeling to Integration
■ A user interface is constructed for the application, followed by movement
of data or e-documents through work steps using workflow capabilities,
and then integration with existing applications. Accomplished through an
application programming interface, a sort of connector that allows
interaction with other applications and databases.
10
Data Modeling Integration cont…
■ 6 approaches to data modeling:
1. Conceptual. The conceptual approach merely diagrams data
relationships at the “highest level” 20 showing the storage,
warehousing, and movement of data between applications.
2. Enterprise. The enterprise approach is a more business-oriented
version of conceptual data modeling that includes specific
requirements for an enterprise or business unit.
3. Logical. Pertinent to the design and architecture of physical storage,
logical data modeling “illustrates the specific entities, attributes and
relationships involved in a business function.”
4. Physical. The physical approach depicts the “implementation of a
logical data model” relative to a specific application and database
system.
5. Data integration. This approach is just what it says; it involves
merging data from two or more sources, processing the data, and
moving it into a database. “This category includes Extract,
Transform, and Load (ETL) capabilities.”
6. Reference data management. This approach often is confused with
MDM, although they do have interdependencies.
11
IT Governance
■ IT governance is the primary way that stakeholders can ensure that
investments in IT create business value and contribute toward meeting
business objective.
12
IT Governance Frameworks
■ Implementing an IT Governance Program
– Must align with business objectives and incorporate IT strategies
■ CobiT (Control Objectives for Information and related Technology) is a process
based IT governance framework that represents a consensus of experts
worldwide
– IT Control offers:
■ Cut IT risks while gaining business value from IT under an umbrella
of a globally accepted framework.
■ Assist in meeting regulatory compliance requirements.
■ Utilize a structured approach for improved reporting and
management decision making.
■ Provide solutions to control assessments and project
implementations to improve IT and information asset control.
13
IT Governance Frameworks
■ COBIT 5 released in 2012
■ “CobiT 5 is based on five key principles for governance and
management of enterprise IT:
– Principle 1: Meeting Stakeholder Needs
– Principle 2: Covering the Enterprise End-to- End
– Principle 3: Applying a Single, Integrated Framework
– Principle 4: Enabling a Holistic Approach
– Principle 5: Separating Governance From Management
14
IT Governance Frameworks
■ COBIT 5 describes 7 enablers:
1. Principles, policies and frameworks are the vehicle to translate the desired
behavior into practical guidance for day-to-day management.
2. Processes describe an organized set of practices and activities to achieve
certain objectives and produce a set of outputs in support of achieving overall
IT-related goals.
3. Organizational structures are the key decision-making entities in an
enterprise.
4. Culture, ethics and behavior of individuals and of the enterprise are very
often r underestimated as a success factor in governance and management
activities.
5. Information is required for keeping the organization running and well
governed, but at the operational level, information is very often the key
product of the enterprise itself.
6. Services, infrastructure and applications include the infrastructure,
technology and applications that provide the enterprise with information
technology processing and services.
7. People, skills and competencies are required for successful completion of all
activities, and for making correct decisions and taking corrective action
15
IT Governance Frameworks
■ ValIT (Value-oriented) – principles and best practices focus is on leveraging IT
investments to gain maximum value.
■ ITIL is a set of process-oriented best practices and guidance originally
developed in the United Kingdom to standardize delivery of IT service
management. ITIL is applicable to both the private and public sectors and is
the “most widely accepted approach to IT service management in the world.
■ ISO/IEC 38500:2008 is an international standard that provides high-level
principles and guidance for senior executives and directors, and those
advising them, for the effective and efficient use of IT
16
IG Best
Practices
for
Database
Security
and
Compliance
■ Database Security Best Practices:
– Inventory and document
– Assess exposure/weaknesses.
– Shore up the database
– Monitor. On a regular basis,
monitor and document any
configure
– Deploy monitoring/auditing
tools
– Verify privileged access
– Protect sensitive data
– Deploy masking
– Integrate and automate
standardized security processes
17
Chapter Summary
■ Focusing on business impact and customizing your IG approach to meet
business objectives are key best practices for IG in the IT department.
■ Effective data governance can yield bottom-line benefits derived from
new insights.
■ Good data governance ensures that downstream negative effects of
poor data are avoided and that subsequent reports, analyses, and
conclusions are based on reliable, trusted data.
■ Master data management is a key IG process in IT.
■ IT governance seeks to align business objectives with IT strategy to
deliver business value.
■ ValIT is a framework that focuses on delivering IT vale. It is folded into
CobiT 5.
■ ITIL is the “most widely accepted approach to IT service management in
the world.”
■ Identifying sensitive information in your databases and implementing
database security best practices help reduce organizational risk and the
cost of compliance
18
Information Governance
Chapter 10
Complete Week 9 Objectives