Information Governance


Brief description for IT and Information Governance


  1. Friday, January 08, 2010 Vicky Makhija
  2. Information: According to ISO 27001:2005, information is defined as: “An asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected.”
  3. Types of Information: Printed or written on paper; Stored electronically; Transmitted by post or using electronic means; Shown on corporate videos; Verbal (e.g., spoken in conversations)
  4. Types of Information: Internal: Information that you would not want your competitors to know; Customer or Client: Information that customers would not wish you to divulge; Outsourced: Information that needs to be shared with other trading partners
  5. What is “IT Governance”? IT governance is the process of making decisions about IT and monitoring IT performance.
  6. The Eleven Control Clauses (diagram labelled Organizational Structure, Management, Operations): Security Policy; Organizational Info Sec; Asset Management; Access Control; Compliance; Human Resource Security; Business Continuity Management; Systems Development and Maintenance; Communications and Operations Management; Physical & Environ. Security; Security Incident Management
  7. Ways of Accessing Corporate Information
  8. Security Awareness
  9. IT Governance Maturity Benchmark: Level 0 – Non-existent – Management processes are not applied at all; Level 1 – Initial/Ad Hoc – Processes are ad hoc and inconsistent; Level 2 – Repeatable – Processes follow a regular pattern; Level 3 – Defined – Processes are documented and communicated; Level 4 – Managed – Processes are monitored and measured; Level 5 – Optimized – Good practices are followed and automated
  10. What is Information Security? Information security is the process of protecting information. It protects its availability, privacy/confidentiality and integrity.
  11. Information Security Model
  12. Achieving Information Security: 4 Ps of Information Security
  13. Eleven Main Security Categories (diagram centred on Information: Integrity, Confidentiality, Availability): Security policy; Organization of info security; Asset management; HR security; Physical and environmental security; Communications and operations management; Access control; Info systems development & maintenance; Info Sec Incident management; Business continuity management; Compliance
  14. Risk versus Amount at Stake (figure): Total project life cycle plotted against Time; Plan (Phase 1 Conceive, Phase 2 Develop) and Accomplish (Phase 3 Execute, Phase 4 Finish); axes: Increasing Risk, $ Value; annotations: "period when highest risks are incurred", "period of highest risk impact"
  15. Summary: Information Governance: Processes, People, Technology
  16. Questions?
  17. Thank You