Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Governance 3.0 The Next Evolution of IT Governance Brian Ellis

Published byΠρίσκα Κωνσταντόπουλος Modified over 6 years ago

Similar presentations

Presentation on theme: "IT Governance 3.0 The Next Evolution of IT Governance Brian Ellis"— Presentation transcript:

1 IT Governance 3.0 The Next Evolution of IT Governance Brian Ellis
Terri Barnes, PgMP September 18, 2018

2 TOPICS 3 7 12 17 18 IT Governance Baseline Emerging Influences
AGENDA TOPICS 3 IT Governance Baseline 7 Emerging Influences 12 Evolving Trends 17 Governance Drivers 18 What Can You Do? Here’s what we’re covering tonight

3 IT governance baseline
A Common Definition “IT Governance consists of the leadership and organizational structures and processes that ensure that IT sustains and extends the organization’s strategies and objectives.” -IT Governance Institute Two major topics Demand governance: Doing the right things Supply-side governance: Doing things right

4 IT governance baseline
Demand Governance Focused on establishing business investment decision and oversight processes: How should IT be used in the business? What are the guiding principles? Who will make which decisions? Who is accountable? Which investments will we make? What are the priorities? How will we track and measure benefits and success?

5 IT governance baseline
Supply-Side Governance Focused on delivery, execution, and compliance: IT management Security IT operations IT controls

6 IT governance baseline
Multiple IT Governance Frameworks Calder-Moir COBIT AgilePath

7 Emerging influences $ Driving Change in IT Governance
Digital transformation Cloud computing BYOD: bring your own device The Internet of Things (IoT)

8 Digital transformation
Increasing Demand and Complexity for IT Governance Then: Now: $

9 Cloud computing Extending the Boundaries of Governance
Growth of cloud computing often happens without a strategy Business user buys Salesforce.com subscriptions Employee stores files on Box.com IT staff rents compute from Rackspace or Amazon Web Services Having a cloud adoption strategy is key Allows for safe deployment of cloud solutions Protects sensitive data in transit Enables stewardship of IT and business assets

10 BYOD: Bring your own device
A Sea of Infinite Variables Benefits Increased productivity and innovation BYOD devices are typically more cutting-edge and are replaced more often Increased employee satisfaction Employee choice, eliminating multiple devices Potential cost reduction BYOD devices are generally self-administered and self-supported Challenges Balancing security and control with productivity and choice Managing data stored on devices End node problem

11 IOT: The internet of things
Exploding the Scale of Governance Top Concerns for IT Professionals Scale of security vulnerabilities Data privacy Identity and access management Attacks against connected devices Compliance Ownership of data/technology outside IT Source: Information Systems Audit and Control Association (ISACA)

12 Evolving trends in it governance
The Future of IT Governance Data-centric over system-centric Stewardship over controls Identity management over password management Safe Harbor

13 Data over systems Recognizing Value of Digital Assets THEN NOW
IT assets internal to corporate infrastructures Controlled access to systems and applications achieved governance objectives Little regulatory guidance Data was an afterthought: Not viewed as an asset Access outside applications was rare NOW Many IT assets outside corporate infrastructures: Cloud, BYOD, IoT Data must be protected at rest and in transit Increasingly stringent regulatory requirements: Increases pressure on internal IT departments, but: Provides evaluation criteria for external providers Data is central to business strategy: Access via API Decision support Stewardship “Data is the new oil”

14 Stewardship over controls
Recognizing the Value of Digital Assets Stewardship: Safe and Useful Enabling Protective Optimal use of digital assets Controls: Safe, but Not Useful Limiting Controlling Little consideration of useful value

15 Identity over passwords
More Passwords = Less Security Passwords are inherently unsecure: Easy to be captured or found: Phishing Keystroke-capture malware People still…write them on Post-It notes Rarely unique for each application Password expiration makes it worse Identity is superior to passwords: Based on internal knowledge: Name of first pet? Father’s middle name? Make/model of first car? Private keys/tokens are generated every session Biometrics: Fingerprints Face recognition

16 Safe Harbor Data Stewardship Across Boundaries USA Patriot Act
Mandates direct access by US government to cloud data belonging to non-Americans living outside the US—even if data is in a non-US location Applies to any company conducting “systematic business” in the US Circumvents local governmental authority International Safe Harbor Privacy Principles (EU) Seven principles for protection of personal data Allows exchange of personal data between EU and US for certified US companies Declared invalid in October 2015 by European Court of Justice Replaced by General Data Protection Regulation (GDPR)

17 Drivers of it governance
The “Why” of IT Governance Alignment: IT and business strategy Enablement: Business capabilities Stewardship: Data and systems Personal information Financial accountability Sensitive corporate information: trade secrets Value Ensuring IT delivers value to the organization

18 “The user’s going to pick dancing pigs over security every time.”
Bruce Schneier, ITGI

19 What can you do? Getting Ready for IT Governance 3.0
Assess your current IT governance landscape Doing the right things? Doing things the right way? Doing things well? Achieving objectives, goals, benefits? Clarify business landscape Business strategy: growth, acquisition, expansion Business objectives Articulate the value of good IT governance Alignment Enablement Stewardship

20 Thank you

Download ppt "IT Governance 3.0 The Next Evolution of IT Governance Brian Ellis"

Similar presentations

1 NameMatrix Number Francis YeeHT036029M George Goh Alex LimHT052467E Hoe Swee SimHT052560I Vijay.

1 NameMatrix Number Francis YeeHT036029M George Goh Alex LimHT052467E Hoe Swee SimHT052560I Vijay.
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Strategy 2022: A Holistic View Tony Hayes International President ISACA 2013-2014 © 2012, ISACA. All rights reserved.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Privileged and Confidential Strategic Approach to Asset Management Presented to October 2004 2004 Urban Water Council Regional Seminar.

Privileged and Confidential Strategic Approach to Asset Management Presented to October Urban Water Council Regional Seminar.
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
University of Nevada, Reno Data-Driven Organization Governance 1 Governing a data-driven organization (4/24/2014)  Define governance within organizations.

University of Nevada, Reno Data-Driven Organization Governance 1 Governing a data-driven organization (4/24/2014)  Define governance within organizations.
IT Governance https://store.theartofservice.com/the-it-governance-toolkit.html.

IT Governance
The Challenge of IT-Business Alignment

The Challenge of IT-Business Alignment
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
BPK Strategic Planning: Briefing for Denpasar Regional Office Leadership Team Craig Anderson Ahmed Fajarprana August 11-12, 2005.

BPK Strategic Planning: Briefing for Denpasar Regional Office Leadership Team Craig Anderson Ahmed Fajarprana August 11-12, 2005.
© 2003 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Global Citizenship Walt Rosenberg.

© 2003 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Global Citizenship Walt Rosenberg.
© 2008 IBM Corporation Challenges for Infrastructure Outsourcing July 29, 2011 Atul Gupta Vice President, Strategic Outsourcing, IBM.

© 2008 IBM Corporation Challenges for Infrastructure Outsourcing July 29, 2011 Atul Gupta Vice President, Strategic Outsourcing, IBM.
81 8. Managing Human Resources Managing the IS function Centralized control of IS function Distributed control of IS function Federated control of IS function.

81 8. Managing Human Resources Managing the IS function Centralized control of IS function Distributed control of IS function Federated control of IS function.
Corporate Social Responsibility LECTURE 25: Corporate Social Responsibility MGT 610 1.

Corporate Social Responsibility LECTURE 25: Corporate Social Responsibility MGT

Similar presentations

Ads by Google