Understanding Governance
Opening Questions and Agenda
• What do you mean by Governance?
• What is IT Governance?
• What do you mean by Management?
• What is the difference between Governance and Management?
• What is Information Security Governance?
From here on, "Governance" is meant in the corporate context only.
Governance
Governance is the system by which an organization is directed and controlled.
It consists of a set of responsibilities that give strategic guidance to management to run the organization smoothly.
Governance and the “Board”
A Board typically comprises Directors, a management representative (CEO), major shareholders and other stakeholders. Collectively they constitute the Board of Directors.
The Board of Directors is the legal representative of the Governance of the organization.
The Board extends the accountability of all people who are directly involved in “business”.
[Diagram labels: Information Security Governance, IT Governance, Corporate Governance]
Relation between Shareholders, Board of Directors and Management
Board Functions
Functions of the Board:
• Company Vision
• Risk Mitigation
• Optimum Resource Utilization
• Design Policies and Procedures
• Adhere to compliance mandates
• Protect Shareholder Confidence
• Company Values
Applying Governance
Case Study: Buying a Family Car
• Father (Director)
• Mother (Manager)
• Daughter (Advisor 2)
• Son (Advisor 1)
• Senior Family member(s) (Stakeholder)
Comparison between Governance and Management
Responsibility: Policies and Procedures
• Governance: Sets policy in areas of financial management and conflict of interests; reviews procedures, recommends updates and changes as needed; monitors the organization’s compliance.
• Management: Develops procedures that match board policy; implements the board’s policies on a daily basis.
Responsibility: Planning
• Governance: Develops and implements a board planning process; defines the organization’s vision; develops the mission statement; sets goals; reviews and approves objectives.
• Management: Arranges logistics for planning processes; writes objectives; develops work plans and timelines; implements work plans; makes progress reports and submits them to the Board.
Responsibility: Finance
• Governance: Ensures that financial policies and procedures are efficient, in accordance with the law, and meet the requirements of funders; revises and approves budgets; reviews financial reports; selects the auditor and reviews the audit.
• Management: Develops and implements financial management procedures as decided by the Board; develops budgets; performs financial management tasks; submits regular financial reports to the Board; provides information to the auditor; submits required reports to funders.
Responsibility: Board Operations
• Governance: Prepares the agenda for meetings of the directors; decides what committees are needed to accomplish its work; monitors and evaluates the work of committees.
• Management: Assists with development of agendas for meetings of the directors; suggests committees or committee members to the Board; sets up meetings; prepares meeting minutes.
Responsibility: Personnel
• Governance: Hires, fires and evaluates the chief executives; determines salaries of senior-level management; prepares the succession plan.
• Management: Hires, fires and evaluates the employees; determines salaries of lower management and employees.
Responsibility: Resource Development
• Governance: Develops strategies to acquire the resources needed to pursue the organization’s missions and objectives.
• Management: Assists with the development of strategies; implements resource strategies assigned by the Board.
Responsibility: Evaluation
• Governance: Evaluates the chief executive and the match between the organization’s vision and mission and its activities and accomplishments.
• Management: Evaluates staff; provides directors with the information they need to evaluate the match between the organization’s vision and mission and its accomplishments; conducts project evaluation.
Applying IT Governance
Case Study: Buying a Motor Cycle
Participants: Father (Director) and Son (Department Head)
• Asks the reason for additional capital
• Tells the reason: has inadequate savings
• Asks to justify the additional investment
• Justifies the investment, promises payback
• Raises request for additional funds to buy bike
• Both parties are convinced; funds transfer made

IT Governance
[Diagram labels: IT Governance, Corporate Governance]
IT Governance is a subset of corporate Governance that addresses how IT is applied across the organization.
IT Governance governs IT assets and resources. That way, a better understanding of Total Cost of Ownership (TCO) is achieved for IT assets.
It helps to align IT objectives with business objectives, producing significant business value that is measurable and quantifiable.
It is directly used by Directors on behalf of stakeholders who expect a return on their investment.
Associated Framework(s)
• Control Objectives for Information and Related Technology (COBIT),
• ISO/IEC 38500: IT Governance
How is IT Governance different from IT Management?
Comparison 1
• IT Governance: Directly used by the board members or directors who function on behalf of stakeholders/shareholders who have invested their money in the organization.
• IT Management: Acts as an execution body which functions as per the directions and goals set forward by the board.
Comparison 2
• IT Governance: Makes sure that IT objectives are aligned with the business objectives, producing measurable business value essential for the growth of the organization.
• IT Management: Involved in implementation such as budgeting, staffing, organizing and controlling IT operations and assets. It is also involved in other aspects such as change management, software design, network planning, tech support etc.
Comparison 3
• IT Governance: Brings in accountability within the enterprise due to the shared responsibility of both the directors and shareholders.
• IT Management: Focuses on managing IT assets in accordance with business needs and priorities.
Information Security Governance (ISG)
[Diagram labels: Information Security Governance (ISG), Corporate Governance]
ISG is a subset of corporate Governance that addresses how Information Security is implemented across the organization.
ISG gives stakeholders and shareholders peace of mind that their investments are in a "safe" state.
ISG works in close tandem with IT Governance as well as the Organizational Risk Management function; it provides effective controls for any leakage of confidential information from the organization. It keeps businesses engaged in rapidly evolving technological areas.
ISG ensures service continuity and availability. By engaging in regular risk assessments, it provides information about the risk appetite of the organization.
It helps the board to take informed decisions before venturing into investments for new business areas.
Implementing good IS Governance
• Is your IS Governance delivering value?
• Is your IS Governance well planned?
• Is your IS Governance well managed and measurable?
• Is your IS Governance able to properly manage and mitigate risk?
THANK YOU !!
- Manasdeep

Understanding governance

  • 2. Opening Questions and Agenda • What do you mean by Governance? • What is IT Governance? • What do you mean by Management? • What is the difference between Governance and Management? • What is Information Security Governance? From here, we will imply the meaning of Governance in “corporate context” only.
  • 3. Governance Governance is the system by which an organization is directed and controlled. It consists of a set of responsibilities that give strategic guidance to management to run the organization smoothly.
  • 4. Governance and the “Board” A Board typically comprises Directors, a management representative (CEO), major shareholders and other stakeholders. Collectively they constitute the Board of Directors. The Board of Directors is the legal representative of the Governance of the organization. The Board extends the accountability of all people who are directly involved in “business”. (Diagram labels: Information Security Governance, IT Governance, Corporate Governance)
  • 5. Relation between Shareholders, Board of Directors and Management
  • 6. Board Functions. Functions of the Board:
      • Company Vision
      • Risk Mitigation
      • Optimum Resource Utilization
      • Design Policies and Procedures
      • Adhere to compliance mandates
      • Protect Shareholder Confidence
      • Company Values
  • 7. Applying Governance. Case Study: Buying a Family Car
      • Father (Director)
      • Mother (Manager)
      • Son (Advisor 1)
      • Daughter (Advisor 2)
      • Senior Family member(s) (Stakeholder)
  • 9. Responsibility: Governance vs. Management
      • Policies and Procedures
          • Governance: Sets policy in areas of financial management, conflict of interests; reviews procedures, recommends updates and changes as needed; monitors organization’s compliance
          • Management: Develops procedures that match board policy; implements the board’s policies on a daily basis
      • Planning
          • Governance: Develops and implements a board planning process; defines organization’s vision; develops mission statement; sets goals; reviews and approves objectives
          • Management: Arranges logistics for planning processes; writes objectives; develops work plans, timelines; implements work plans; makes progress reports and submits to Board
      • Finance
          • Governance: Ensures efficient financial policies and procedures that are in accordance with the law and meet the requirements of funders; revises and approves budgets; reviews financial reports; selects auditor and reviews audit
          • Management: Develops and implements financial management procedures as decided by Board; develops budgets; performs financial management tasks; submits regular financial reports to the board; provides information to the auditor; submits required reports to funders
  • 10. Responsibility: Governance vs. Management (continued)
      • Board Operations
          • Governance: Prepares agenda for meetings of the directors; decides what committees are needed to accomplish its work; monitors and evaluates work of committees
          • Management: Assists with development of agendas for meetings of the directors; suggests committees or committee members to board; sets up meetings, prepares meeting minutes
      • Personnel
          • Governance: Hires, fires and evaluates the chief executives. Determines salaries of senior level management, prepares succession plan
          • Management: Hires, fires and evaluates the employees. Determines salaries of lower management and employees
      • Resource Development
          • Governance: Develops strategies to acquire resources needed to pursue organization’s missions and objectives
          • Management: Assists with the development of strategies; implements resource strategies assigned by the Board
      • Evaluation
          • Governance: Evaluates chief executive and the match between the organization’s vision and mission and its activities and accomplishments
          • Management: Evaluates staff; provides directors with information they need to evaluate match between the organization’s vision and mission and its accomplishments; conducts project evaluation
  • 11. Applying IT Governance. Case Study: Buying a Motor Cycle. Exchanges between Father (Director) and Son (Department Head):
      • Asks the reason for additional capital
      • Tells the reason, has inadequate savings
      • Asks to justify the additional investment
      • Justifies the investments, promises payback
      • Raises request for additional funds to buy bike
      • Both parties are convinced, funds transfer made
  • 12. IT Governance (Diagram labels: IT Governance, Corporate Governance)
      • It is a subset of corporate Governance which addresses issues on how IT is applied across the organization.
      • IT Governance governs IT assets and resources. That way, a better understanding of Total Cost of Ownership (TCO) is achieved for IT assets.
      • Helps to align IT objectives with business objectives, producing significant business value which is measurable and quantifiable.
      • It is directly used by Directors on behalf of stakeholders who expect a return on their investment.
      • Associated Framework(s):
          • Control Objectives for Information and Related Technology (COBIT)
          • ISO/IEC 38500: IT Governance
  • 13. How IT Governance is different from IT Management?
      • Who it serves
          • IT Governance: Directly used by the board members or directors who function on behalf of stakeholders/shareholders who have invested their money in the organization
          • IT Management: Acts as an execution body which functions as per the directions and goals set forward by the board.
      • What it does
          • IT Governance: Makes sure that IT objectives are aligned with the business objectives, producing measurable business value essential for the growth of the organization.
          • IT Management: Involved in implementation such as budgeting, staffing, organizing and controlling IT operations and assets. It is also involved in other aspects such as change management, software design, network planning, tech support etc.
      • Focus
          • IT Governance: Brings in accountability within the enterprise due to the shared responsibility of both the directors and shareholders
          • IT Management: Focuses on managing IT assets in accordance with business needs and priorities.
  • 14. Information Security Governance (ISG) (Diagram labels: Information Security Governance (ISG), Corporate Governance)
      • It is a subset of corporate Governance which addresses issues on how Information Security is implemented across the organization.
      • ISG gives stakeholders and shareholders peace of mind that their investments are in a "safe" state.
      • ISG works in close tandem with IT Governance as well as the Organizational Risk Management function; it provides effective controls for any leakage of confidential information from the organization.
      • It keeps businesses engaged in rapidly evolving technological areas.
      • ISG ensures service continuity and availability.
      • By engaging in regular risk assessments, it provides information about the risk appetite of the organization.
      • It helps the board to take informed decisions before venturing into investments for new business areas.
  • 15. Implementing good IS Governance
      • Is your IS Governance delivering value?
      • Is your IS Governance well planned?
      • Is your IS Governance well managed and measurable?
      • Is your IS Governance able to properly manage and mitigate risk?
  • 16. THANK YOU !! - Manasdeep