EMC ANZ Momentum User Group 2011- Tech Track- Information Governance Maturity Model

Information Governance Maturity Model
Resolving a multi-dimensional problem
Dalibor Ivkovic

Published in: Business

Transcript

  • 1. Information Governance Maturity Model: Resolving a multi-dimensional problem. Dalibor Ivkovic. © Copyright 2011 EMC Corporation. All rights reserved.
  • 2. Information Governance: Two points of view
      – 1. External point of view
          What? To fulfil statutory, regulatory & contractual obligations
          Who? Government, courts, customers, partners, suppliers, contractors, ...
      – 2. Internal point of view
          What? To manage information flows within an organisation
          Who? Staff, contractors, inter-business unit, intra business unit, subsidiary, parent, ...
      – Why? Reputation / Brand; Financial risk; Quality of service; Productivity; Cost
  • 3. Highlighting the risks of poor Information Governance
      – A judgment for Coleman (Parent) Holdings in March 2005, also against Morgan Stanley for failure to comply with e-Discovery orders, resulted in costs of more than $1 billion.
      – Sony: Sony faces a court battle over how it will pay for legal claims made in the wake of a massive data breach. In April 2011, Sony discovered that hackers had gained access to 77 million accounts on its PlayStation Network.
      – WikiLeaks: An intelligence analyst, who joined the US Army in 2007, is accused of leaking 720,000 secret military and diplomatic US government documents.
      – Cyber Warfare Command: In the US, the Pentagon's systems are probed by unauthorised users about 6 million times a day. Total losses to cyber crime globally may be as high as $1 trillion.
      – GFC / Collapse of Storm Financial: Major investigation in Australia.
      – Australian legal battle / capital works project: “Why was the wrong design document used to build this $mill infrastructure?”
      – HK Government: “We want more transparency of government” (the issue of public confidence in government).
  • 4. Information Governance is not optional! It keeps growing …
      – The amount of information in the world is set to increase 45-fold in the next decade. There will be an inverse relationship between information volume and IT staffing. During the same period IT staff are expected to grow 1.4-fold, about 1/40th of the increase in data – IDC/EMC report
      – [Chart: gigabytes by year, 2005 to 2010; labels: 161 billion GB, 988 billion GB, 57% CAGR. Source: IDC, “The Expanding Digital Universe,” Sponsored by EMC, March ‘07]
  • 5. Influential Roles. This table indicates which roles are influential in each area of Information Governance.
      – Areas (columns): Information Risk; Policy Management; Information Capture & Classification; Information Access & Security; Information Content Governance; Retention Lifecycle Management
      – CxO: x x
      – Compliance & Legal: x x x x x x
      – Information Manager: x x x x x
      – Bus Mgrs: x x x x
      – IT: x x x x x
  • 6. Information Governance: Four dimensions
      – Business: Risks & Policies
      – Applications: Access Control
      – Infrastructure: Hardware Control
      – Content: Structured & Unstructured, Classification & Controls
  • 7. Leak of Intellectual Property. A contractor has distributed a sensitive document to your competitor. How did it happen?
      – Information Risk: Leak of Tech specs
      – Information Policies: Updated Contractor Policy Required? Training
      – Information Access & Security: Secured? Audit Trail?
      – Information Capture & Classification: Classified Correctly?
      – Information Content Governance: Appropriate Legal Notices?
      – Records Lifecycle Management: Retention of Legal documents?
      – A single issue can involve all areas of information governance
  • 8. Six Information Governance Categories (columns in the maturity model chart)
      – Information Risk: Regulatory compliance; Competitive threats
      – Policy Management: Definition, Discovery and ownership; Including the structure of the governance organization itself; Ability to communicate and enforce policies
      – Information Capture & Classification: e.g. Content, Email, Transactions, Call data
      – Information Access & Security: Access policies, corporate boundaries
      – Information Content Governance: Consistency, templates, legal clauses, brand governance
      – Records Lifecycle Management: Governance of information throughout its lifecycle
  • 9. Maturity Levels. The following 5 levels of maturity are proposed:
      – 5, Optimized: The most effective and efficient possible, deliberate process improvement/optimization
      – 4, Managed: Repeatable measurement against metrics, and an integrated part of the business operation
      – 3, Proactive: Some planning and action, improved understanding of the process concerned
      – 2, Reactive: Ad hoc activity based on day-to-day issues, “individual heroics”
      – 1, Aware: Know that an issue exists, but little action
  • 10. Information Access & Security
      – Aware: No overall plan, but aware of potential issues
      – Reactive: Security breaches dealt with as they occur. Not policy driven
      – Proactive: Active management of security model, process based security in some areas. Manual configuration between systems
      – Managed: Common plan for security policy implementation across the enterprise, managed by responsible team. Regular monitoring
      – Optimized: Shared, centralised security policies referenced and enforced automatically, including boundary controls, breach alerts.
      – [Risks / Benefits diagram labels: Unsecured docs; Loss of IP; management; High integration and support cost; Customer data lost or stolen; Centralized identities & passwords; Fast threat detection and response; Scalable to support growth; Automated updates for new threats; Rapid, secure user provision/de-provision; High risk information protected; Trust framework established]
  • 11. Information Capture & Classification
      – Aware: Limited identification of information types, poor classification processes
      – Reactive: Identified information types, ad hoc classification, loosely enforced
      – Proactive: Selected information types managed as identified
      – Managed: Enforced capture, consistent classification rules. Centrally managed policies
      – Optimized: Automatic rule-based capture and classification maintained centrally.
      – [Risks / Benefits diagram labels: Losing what you need, keeping what you don’t; Cost of wasted duplication and storage; Loss of customer data; Litigation through e-Discovery; No basis for security; Efficient access; Success in ECM/Data systems deployment; Productive knowledge workers; Effective search; Controlled vocabularies reduce cost and risk; Maximum value from your information; Strong platform for records mgmt]
  • 12. Records Lifecycle Management
      – Aware: Aware of the need for retention policies but not formally identified
      – Reactive: Some long term archiving, managed on ad hoc basis. May be paper storage
      – Proactive: Retention policy applied manually at point of retention based on pre-defined classifications/taxonomy
      – Managed: Records policies applied automatically based on system defined policies and information classification
      – Optimized: Automatic application of lifecycle policies and dynamic management over time through appropriate storage
      – [Risks / Benefits diagram labels: Leakage of competitive information; Litigation through audits and e-discovery; Storage bloat; No response to freedom of information requests; e-Discovery ready; MoReq2 Compliance; Tiered storage benefits; Keep only Essential Records, Save $$; Secure Chain of Custody; Improved search]
  • 13. Barriers to Enterprise Information Governance. There are several reasons why proper information governance remains elusive, but the biggest challenges worldwide are (Economist):
      – Identifying the cost/risk/return tradeoffs of managing information company-wide (40%)
      – Enforcing policies company-wide (39%)
      – Gaining support from department heads and line-of business managers (35%) are also obstacles.
  • 14. Maturity Model
      – Level 5
          Information Risk: Automated detection and remediation of high risk information
          Policy Management: Policies defined/confirmed and automatically enforced, with verification
          Information Access & Security: Shared, centralised security policies referenced and enforced automatically, including boundary controls, breach alerts.
          Information Capture & Classification: Automated capture and classification based on centralised policies
          Information Content Governance: Automated policy enforcement internally and across all external interfaces. Site integrity check
          Records Lifecycle Management: Automatic application of policies and dynamic management over time through appropriate storage
      – Level 4
          Information Risk: Active management of risks on regular basis. Well classified information types in managed repositories
          Policy Management: Active management on regular basis using well classified information types in managed repositories.
          Information Access & Security: Common plan for security policy implementation across the enterprise, managed by responsible team. Regular monitoring
          Information Capture & Classification: Enforced capture, consistent classification rules. Centrally managed policies
          Information Content Governance: Agreed policies, automatically enforced. Dynamically generated content
          Records Lifecycle Management: Records policies applied automatically based on system defined policies and information classification
      – Level 3
          Information Risk: Awareness of information risks, silo’d repositories with some riskier information more managed than others, possibly by department.
          Policy Management: Policies published corp.wide, manual enforcement by subset of owners.
          Information Access & Security: Active management of security model, process based security in some areas. Manual configuration between systems
          Information Capture & Classification: Selected information types managed as identified, automated scan & file
          Information Content Governance: Agreed policies, automatically and/or manually enforced. Some standard templates
          Records Lifecycle Management: Retention policy applied manually at point of retention based on pre-defined classifications/taxonomy
      – Level 2
          Information Risk: Specific risk issues are worked on as they arise
          Policy Management: Selectively communicated, manual enforcement when issues arise
          Information Access & Security: Security breaches dealt with as they occur. Not policy driven
          Information Capture & Classification: Identified information types, ad hoc classification, loosely enforced
          Information Content Governance: Manually enforced rules departmentally/application specific
          Records Lifecycle Management: Some retention schedules defined, managed on ad hoc basis. May be paper storage
      – Level 1
          Information Risk: Awareness of operational risk in information handling, but not managed
          Policy Management: Awareness of the need, but no definition or enforcement
          Information Access & Security: No overall plan, but aware of potential issues
          Information Capture & Classification: Limited identification of information types, poor classification processes
          Information Content Governance: User driven free-form author/publish
          Records Lifecycle Management: Aware of the need for retention policies but not formally identified
      – [Labels overlaid on the chart: Data Discovery Assessment; Retention and Records Policy Review; IG Risk Assessment; Policy Framework; Content Consolidation Assessment]
  • 15. Consulting exercises summary (Exercise; Duration in days; Done by; Output)
      – IG Maturity Model Workshop; 2 (1d workshop); Strategic Consultant; MM and benefits summary presented
      – Unstructured Data Discovery Assessment; 3-5; Consultant; Statistical reports and recommendations
      – IG Risk Assessment; 10-20; Strategic Consultant; Itemised report
      – Content Consolidation Assessment; 3-5; Consultant; Statistical reports and recommendations
      – Summary Business Case and ROI Model; 10; Strategic Consultant; Summary business case and high level plan
      – Retention and Records Policy Review; 5; RM Strategic Consultant; Policy recommendations
  • 16. Maturity Model Workshop deliverable: Report
      – Current positioning on the maturity model
      – Risks of current position
      – Potential benefits to be gained in each area
      – Recommendations for target maturity level and next steps
      – Areas where IIG can assist
  • 17. Business Case / Roadmap (timeline: 2010, 2011, 2012)
      – Information Risk: Audit Preparation; R3 Collab deploy; R4 RPS deploy
      – Policy Management: Detail plans; Execute
      – Access & Security: Single Sign on; 2 Factor Authentication
      – Capture & Classification: Site Search & eDiscovery Engine
      – Content Governance: Web Site checks; Auto- SAP Integr.
      – Records Lifecycle Management: Retention in place
      – This high level schedule provides an overview of the programme. Each program will be assessed and scheduled with its own business justification and budget.
  • 18. THANK YOU