In order to have a successful IG program, one of the eight (8) Information Risk Planning and Management steps is to develop metrics and measure results. From your required readings, discuss the value that metrics bring to the organization, and identify critical measures of success that should be tracked.
CHAPTER GOALS AND OBJECTIVES
Know the 8 Generally Accepted Recordkeeping Principles®
What is the IG Reference Model?
What does the IGRM Diagram consist of?
What are the best practice considerations?
What are the benefits and risks of having standards?
What are the key standards relevant to IG?
A Review of the 8 Generally Accepted Recordkeeping Principles®
1. Accountability
2. Transparency
3. Integrity
4. Protection
5. Compliance
6. Availability
7. Retention
8. Disposition
So…what is the significance of these principles?
IG REFERENCE MODEL
➢ Who?
➢ ARMA International & CGOC
➢ When?
➢ 2012
➢ Where?
➢ As part of the EDRM Project Version 3.0
➢ Why?
➢ To foster the adoption by facilitating communication and collaboration between IG stakeholder functions, legal, records management, risk management, and business unit stakeholders.
HOW TO INTERPRET THE IGRM DIAGRAM
Outer Ring: Complex set of interoperable processes and implementing the procedures and structural elements to put them into practice
➢ Requirements:
➢ Understanding of business imperatives
➢ Knowledge of appropriate tools and infrastructure
➢ Sensitivity to legal and regulatory obligations
Inner Ring: Depicts a workflow (life-cycle) diagram. Shows that information management is important at all stages of the lifecycle
How the IGRM Diagram Relates to the Generally Accepted Recordkeeping Principles®
➢ Supports the ARMA Principles by identifying the cross-functional groups of IG stakeholders
➢ Depicts the intersecting objectives of the organization
➢ Depicts the relationship between duty, value and information assets
➢ Used by proactive organizations as an introspective lens to facilitate visualization, understanding and discussion concerning how to apply the “Principles” to the organization.
➢ Puts focus on the “Principles”
➢ Provides essential context for the maturity model
Considerations in IG Policy Formation
➢ Best Practices?
➢ YES!
➢ Understand that Best Practices will vary per organization
➢ Review 25 generic Best Practices, Pages 75 and 76 of the textbook
➢ Standards?
➢ YES!
➢ Two types to consider
➢ De Jure Standards – Legal standards published by standards-setting bodies such as ISO, ANSI, NIST, BSI and others
➢ De Facto Standards – Informal standards regarded by many as actual standards – arising through popular use (Example: Windows in the business world in 2001-2010). May be published by formal standards-setting bodies without having “Formal” status
Benefits and Risks of Standards
Benefits
➢ Quality Assurance Support
➢ Interoperability Support
➢ Implementation Framework and Certification Checklists
➢ Cost Reduction
➢ International Consensus
Risks
➢ Possible Decreased Flexibility
➢ Standards Confusion
➢ Real-World Shortcomings due to Theoretical Basis
➢ Cost and Maintenance Involved in Updating Standards
KEY STANDARDS RELEVANT TO IG
Risk Management
➢ ISO 31000:2009 – States principles and generic guidelines of risk management applicable to IG
➢ Provides a structured framework for development and implementation of risk management strategies and programs
➢ “Risk Management Framework”: Set of two basic components (foundations and organizational arrangements) that support and sustain risk management throughout the organization.
KEY STANDARDS RELEVANT TO IG
Information Security Management
➢ ISO/IEC 27001:2005 – Information Security Management System Standard that provides guidance in development of security controls for protection of information assets
➢ Flexible – can be applied to different activities and processes
➢ Includes use of standards by auditors and stakeholders
➢ ISO/IEC 27002:2005 – Information Technology – Security Techniques – Code of Practice for Information Security
➢ Establishes guidelines and general principles for initiating, implementing, maintaining and improving information security management
➢ Includes Best Practices of Control Objectives in 11 key areas of information security management
➢ ISO/IEC 38500:2008 – International Standard for high-level principles and guidance for senior executives and directors, and advisors for effective and efficient use of IT
➢ Three major sections
➢ Scope, Application and Objectives
➢ Framework for Good Corporate Governance of IT
➢ Guidance for Corporate Governance of IT
KEY STANDARDS RELEVANT TO IG
RECORDS AND E-RECORDS MANAGEMENT
➢ ISO 15489-1:2001 and ISO 15489-2:2001 – International Standard for Records Management
➢ Part 1: Provides a framework and high-level overview of RM core principles
➢ Part 1: Defines RM as “Field of management responsibility for the efficient and systematic control of creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records”1
➢ Part 2: Technical Specifications and Methodology for implementing standard
➢ ISO 30300:2011 – Information and Documentation – Management Systems for Records – Fundamentals and Vocabulary
➢ ISO 30301:2011 – Information and Documentation – Management Systems for Records – Requirements
1 ISO 15489-1:2001, Information and Documentation – Records Management, Part 1: General (Geneva: ISO, 2001), section 3.16.
NATIONAL, INTERNATIONAL AND REGIONAL ERM STANDARDS
United States E-Records Standard
➢ U.S. DOD 5015.2 Design Criteria Standard for Electronic Records Management Software Applications
➢ Developed in 1997
➢ Updated in 2002 and 2007
Canadian Standards
➢ Electronic Records as Documentary Evidence CAN/CGSB-72.34-2005
➢ Microfilm and Electronic Images as Documentary Evidence CAN/CGSB-72.11-93
➢ Canadian Legal Considerations
➢ Relies on the prime directive (that an organization shall always be prepared to produce its records as evidence) and its national standards, for the admissibility of electronic records in court proceedings
➢ The admissibility of records as evidence is determined under the business records provisions of the Evidence Act
NATIONAL, INTERNATIONAL AND REGIONAL ERM STANDARDS…CONTINUED
United Kingdom
➢ The National Archives
➢ Two sets of functional requirements to promote the development of the electronic records management software market (one in 1999 and one in 2002)
➢ Model Requirements of Electronic Records
➢ MoReq2
➢ MoReq2010
Australian ERM and Records Management Standards
➢ Has consistently been a world leader in this area
➢ Adopted all three parts of ISO 16175 as its e-records standard
➢ Australian Government Recordkeeping Metadata Standard Version 2.0
➢ Australian Government Locator Service
➢ AS 5090:2003 – Work Process Analysis for Recordkeeping
LONG-TERM DIGITAL PRESERVATION
➢ Referred to as “LTDP”
➢ LTDP is a key area for IG policy development
➢ Frequently not addressed in an IG plan
➢ Should be applied in preserving historical and “vital records” and in order to maintain its corporate or organizational memory
➢ Key Standards for LTDP:
➢ PDF/A-2 – official standard format for preserving electronic documents, developed by Adobe.
➢ ISO 19005-1:2005 Document Management is the published specification requiring PDF format
➢ ISO 14721:2012 – Space Data and Information Transfer Systems – Open Archival Information Systems
➢ ISO TR 18492 (2005) – Long Term Preservation of Electronic Document Based Information
➢ ISO 16363:2012 – Space Data and Information Transfer Systems – Audit and Certification of Trustworthy Digital Repositories
BUSINESS CONTINUITY MANAGEMENT
➢ ISO 22301:2012 – Societal Security – Business Continuity Management Systems Requirements
➢ Specifies requirements for creating and implementing a standardized approach to business continuity management; this is also known as Disaster Recovery
Benefits of ISO 22301
➢ Threat Identification and Assessment
➢ Threat and Recovery Planning
➢ Mission-critical process protection
➢ Stakeholder Confidence
THINGS TO REMEMBER IN DEVELOPING THE IG POLICY
goals
sponsor who can garner executive
support for the IG program and
policies
communications and training
component
new policies and practices
relevant and useful and can actually
be measured
upon metrics, tests and audit results
for policy violations and communicate
that to employees
culture
Topic:
This week's reading centered around how Big Data analytics can
be used with Smart Cities. This is exciting and can provide
many benefits to individuals as well as organizations. For this
week's research assignment, you are to search the Internet for
other uses of Big Data in RADICAL platforms. Please pick an
organization or two and discuss the usage of big data in
RADICAL platforms including how big data analytics is used in
those situations as well as with Smart Cities.
Your paper should meet these requirements:
Be approximately four to six pages in length, not including the
required cover page and reference page.
Follow APA 7 guidelines. Your paper should include an
introduction, a body with fully developed content, and a
conclusion.
Support your answers with the readings from the course and at
least two scholarly journal articles to support your positions,
claims, and observation