IT Governance, Risk, and Compliance

Second-Tier Governance Deployment – Part V

Robert E. Davis — Thu, 19 Nov 2009 21:16:15 +0000

Governance usually occurs at different organizational strata, with procedures tailored for processes, with processes linking up to systems, and programs receiving objectives from the entity’s oversight committee through established reporting lines. Alternatively or simultaneously, designated technological resources may provide information directly to the entity’s oversight committee for critical programs, systems, or processes. Summarily, these connectivity approaches will not be effective unless approved plans as well as organized strategic objectives and goals have first been conveyed within the entity’s organizational structure. Therefore, management should govern safeguarding information assets through an ‘objectives-based’ security program or risk excessive incidents that may impact financial stability, customer loyalty and/or employee morale.

“View Part I of the Second-Tier Governance Development series here“

Second-Tier Governance Deployment – Part IV

Robert E. Davis — Mon, 16 Nov 2009 20:13:48 +0000

Abstraction levels are developed based on perceived usefulness. Second-tier Governance Tree information nodes can be viewed in the context of programs, systems, and processes. Pragmatically, establishment of entity-level governance is a second-tier concentrator within the Governance Tree model that focuses on creating an adequate control environment, institutionalizing risk assessments, providing fluid information and communication, ensuring performance monitoring and evaluation, as well as designing and implementing necessary activities. Governance Tree understanding enables abstraction for superior information security program deployment.

“View Part I of the Second-Tier Governance Development series here“

Second-Tier Governance Deployment – Part III

Robert E. Davis — Thu, 12 Nov 2009 21:10:27 +0000

Entity tonal and nodal associations create powerful decision making structures that enable achieving objectives and goals. Information is generally considered the primal basis for decision making. However, to affect decision making information must be communicated through an acceptable medium. Communication is the key for formulating, implementing, organizing, and controlling entity-centric purpose. Effective communication unifies and simultaneously permits environment, risk, information, and activity stratification. Organizational information characteristically flows through multiplexed communication networks to ensure appropriate employee direction and participation. Conceptually, considering the data tree structure, formal information and communication flows to and from various horizontally linked and vertically aligned nodes. Within this framework, second-tier ‘Governance Tree’ nodes reflect entity-level hubs that collect, analyze, evaluate and disseminate information.

“View Part I of the Second-Tier Governance Development series here“

Second-Tier Governance Deployment – Part II

Robert E. Davis — Mon, 09 Nov 2009 18:34:54 +0000

Governance definitional phrases typically embrace language explaining relationships and incentives among ‘oversight committee’ members, senior executives, and ’stakeholders’ resulting in financial accountability, transparent responsibility, and assertion reliability. Exercising effective governance throughout an entity requires the top level oversight committee and senior executives have an unambiguous understanding of what to expect from programs, systems, and processes. An entity’s oversight committee and senior executives’ should be equipped to direct resource deployments, evaluate the entity’s status regarding existing plans and determine strategies as well as objectives for effective and efficient programs. Foundationally, organizational information and communication relies on a hierarchical data structure, with the parent node (commonly designated as an entities ‘Tone at the Top’) connecting to offspring to drive cohesiveness.

“View Part I of the Second-Tier Governance Development series here“

Second-Tier Governance Deployment – Part I

Robert E. Davis — Thu, 05 Nov 2009 19:43:50 +0000

Governing an entity mandates management accurately conceptualize organizational development, information criticality, and communication paths. For-profit entities are formulated to generate tangible and intangible wealth for stakeholders, while not-for-profit entities are constructed to satisfy perceived societal needs. Governance is required in both organizational classifications to ensure management pursues achieving the entity’s mission ethically and legally. Theoretically, regarding information criticality and communication paths, governance is normally conveyed utilizing architectural linkages.

First-Tier Governance Development - Part IV

Robert E. Davis — Mon, 02 Nov 2009 17:34:12 +0000

Organizational units exist for various reasons. Threading from the first-tier Governance Tree level, linked leaves are inextricably affected by external forces. An organizational formation’s continuity depends on relevant, accurate and timely external environment information assessments to drive appropriate governance. Management, especially information security management, can not establish an adequate safeguarding posture unless root expectations are understood and potential threats, weaknesses as well as opportunities are appropriately redressed. Applying the described Governance Tree framework allows methodological, value driven consideration, development and deployment of aligned programs that positively impact control environment awareness and subsequent resource allocation decisions.

“View Part I of the First-Tier Governance Development series here“

First-Tier Governance Development - Part III

Robert E. Davis — Thu, 29 Oct 2009 20:13:40 +0000

Depending on an entity’s technological advancement, information may be conveyed and received through visual, auditory, as well as sensation receptors that enable current or future processing of presented information for decisional application. The list of communicated expectations extends to acceptable organizational structures, financing sources, and business behaviors. Nonetheless, governance influence may be limited to a particular nodal type.

Governance Tree structural behavior should be studied as an open system that continually interacts with the external and internal environment through functionally adaptive mechanisms permitting perceived mission corrections. Organizational interactions exist in various forms, including strategic, operational, and compliance mandates. An active Governance Tree node must accurately forecast standard events impacting organizational plans or face the possibility of elimination or consolidation. Furthermore, stagnant items within a dynamic Governance Tree node will typically cease to significantly sway decisions over time.

“View Part I of the First-Tier Governance Development series here“

First-Tier Governance Development - Part II

Robert E. Davis — Mon, 26 Oct 2009 19:44:53 +0000

Information and decision theories have point convergences when conjoined with the binodal Governance Tree depicting entity relationships. Information theory practice domains include data processing systems design, organization analysis, and advertising effectiveness; whereas decision theory practice areas encompass organization, learning, cybernetics, and sub-optimization disciplines. At the application-level, information theory techniques can be utilized for classification determination, impact assessments, and technological valuations while decision theory techniques can be employed for objectives determination, interaction assessments, performance estimates, and organizational analysis.

Commonly, entities are developed to satisfy a perceived need for a particular product or service based on available information. Some individuals and groups may consider it an “inconvenient truth” that organizational activities are indirectly, if not directly, impacted by extrapolated external conditions presented in root information. Collectively, first-tier Governance Tree entities represent external parties capable of directing and/or controlling second-tier nodal information and communication activity. Specifically, first-tier external parties provide expectation information impacting linked nodes within the Governance Tree model.

“View Part I of the First-Tier Governance Development series here“

First-Tier Governance Development - Part I

Robert E. Davis — Thu, 22 Oct 2009 17:55:29 +0000

Organizationally, governance is the system by which entities are directed and controlled. “Potential stakeholders usually rely upon governance elements prior to investing their time, talent, and/or money.” Leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance enabling the flow of stakeholder expectations to construct an effective ISG framework. Descriptively; ISG development echoes how an entity’s information security management team intends to accomplish the organizational safeguarding mission. Properly framed, ISG supports stakeholder expectations related to management’s explicit or implicit fiduciary responsibilities.

When framing governance, domains can be formed and connected through parent-child information relationships. Idiomatically, a technological hierarchical structure is often called a tree. It is composed of a set of elements known as nodes that are abstractively linked. However, dissimilar to biological trees, technological trees have an inverted germination base, where lower-level accessibility is only achieved through top-down paths to associated elements. Regarding architectural design, the ‘Governance Tree‘ paradigm currently has a ‘height’ of six (number of levels), a ‘moment’ of one-hundred-thirty-five (number of nodes), a ‘weight’ of one-hundred-twenty-eight (number of leaves), and a ‘radix’ of one (number of roots). Interpretively, present Governance Tree ‘dimensions’ enable describing managerial information and communication aspects permitting alignment of nodal families.

Service Restoration Planning - Part IV

Robert E. Davis — Mon, 19 Oct 2009 19:12:07 +0000

Considering information systems are generally critical to enhancing productivity, it is imperative deployed IT provide availability with service responsiveness meeting user utilization demands, even during crisis situations. Entity susceptibility as well as IT operational resiliency impact speedy and systematic redress for fulfilling efficiency, effectiveness, availability, and compliance requirements. Furthermore, neither business nor IT resides within static environments. Thus, environmental dynamics can generate changes altering system activities that require timely response and restoration to ensure continuous service delivery.

Whenever a natural or unnatural disaster strikes, recovering data usually is the top managerial priority for entities. Given the common, advance state of transactional processing dependence on technology, most entities’ will immediately suffer a diminished capacity for achieving operational efficiency goals, if IT is not restored in a timely manner. How expeditiously an entity resumes business processing after a tragedy normally depends on well documented and tested alternative plans for emergencies, and the velocity with which a disaster recovery site can receive back-up media and restore user services.

“View Part I of the Service Restoration Planning series here“