ITG archives - IT Governance, Risk, and Compliance


Sep 17 2009   7:15PM GMT

Supporting ISG Deployment - Part V



Posted by: Robert E. Davis
Benchmarking, Budgeting, Framework, Methodology, Objectives, Gap Analysis, Governance Tree, IT Governance, Maturity Modeling, Internal Control System, Information Security Governance, Information Security Management, Information Security Processes, ITG, ISG, ISM

Whatever your perspective may be, the importance of effective and efficient ISG cannot be overlooked in the current global high technology environment. Considering what is at stake for most entities when security is compromised, justifying ISG deployment based on one viewpoint usually narrows managerial suitability and expected benefits. In the final analysis, combining the discussed individual abstraction levels may provide the most appropriate support for institutionalizing ISG.

View Part I of the Supporting ISG Deployment series here

Sep 14 2009   6:19PM GMT

Supporting ISG Deployment - Part IV



Posted by: Robert E. Davis
Benchmarking, Framework, Methodology, Objectives, Gap Analysis, Governance Tree, IT Governance, Maturity Modeling, Internal Control System, Information Security Management, Information Security Processes, ITG, ISG, ISM, Budgeting, Information Security Governance

If, however, you assume ISG provides financial and/or reputational benefits, potential stakeholders are presumed to rely upon governance elements prior to investing their time, talent, and/or money. Therefore, ascertaining the effectiveness and efficiency of entity-centric information security objectives, through adequate monitoring, is rudimentary to sound business practices for satisfying stakeholder safeguarding expectations. In this regard, effectiveness and efficiency evaluation requires measurement against established standards. The performance measures should be established when standards are created or adopted. Techniques utilized for ISG implementation include: maturity modeling, budgeting, benchmarking, and gap analysis. Based on the perceived opportunity for enrichment, with provable risk reductions, publicized superior ISG deployment may attract additional investors.

View Part I of the Supporting ISG Deployment series here


Sep 10 2009   9:01PM GMT

Supporting ISG Deployment - Part III



Posted by: Robert E. Davis
Framework, Methodology, Governance Tree, IT Governance, Internal Control System, Information Security Governance, Information Security Management, Information Security Processes, ITG, ISG, ISM

Alternatively, if you perceive ISG as a descriptive prescription for achieving managerial objectives, the adopted ISG methodology should provide security assessments defining strategic, tactical, and operational risks. Management usually is vigilant regarding the cost of controls and the benefits that can be derived from controls deployment and utilization, while achieving an entity’s strategic direction. Concurrently, auditors are concerned with the impact of information security controls on an entity’s internal control system. To redress cost-benefit, strategic direction, and control impact issues, ISG effectiveness and efficiency directly related to managerial responsibility, accountability, and authority structure should be demonstrated through appropriate measurement tools. Therefore, at the methodological root, understanding ISG roles is considered crucial to managing secure processes.

View Part I of the Supporting ISG Deployment series here


Sep 8 2009   6:56PM GMT

Supporting ISG Deployment - Part II



Posted by: Robert E. Davis
Framework, Methodology, Governance Tree, IT Governance, Information Security Governance, Information Security Management, Information Security Processes, ITG, ISG, ISM

If you envision ISG as a framework servicing entity and ‘IT governance’, then structurally, ISG should be implemented as an organizational program with objectives, goals, policies, procedures, standards, and rules designed to accomplish management’s intentions. To drive safeguarding controls, ISG should receive ‘significant program’ status because other entity and IT programs are directly impacted by ISG effectiveness. Furthermore, efficiency of controls should be obtained through models available to assist in deploying ISG.

View Part I of the Supporting ISG Deployment series here


Sep 3 2009   8:04PM GMT

Supporting ISG Deployment - Part I



Posted by: Robert E. Davis
Framework, Methodology, Governance Tree, IT Governance, Information Security Governance, Information Security Management, Information Security Processes, ITG, ISG, ISM

Traversing to and aligning with potential ‘Governance Tree’ third-tier abstraction levels, information security governance (ISG) can be viewed as a framework, methodology, or technique. Framing ISG enables a “system of controls” assisting in assuring organizational goals and objectives are achieved effectively and efficiently. Methodologically, ISG furnishes descriptive details of the role direction and controls play in achieving entity-centric objectives. Lastly, as a technique, ISG provides processes and steps that can generate superior financial and/or reputational returns for stakeholders.


Aug 31 2009   8:57PM GMT

Synchronizing Balanced Scorecards - Part IV



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Management System, Service Measurement, Strategic Performance, Strategic Planning, ITG

Balanced Scorecards are considered an effective means to assist the entity’s oversight committee and operational management in achieving information security, IT and business alignment. The aim of instituting performance measurements is to permit activities transparency that enables circumspective managerial decisions. A comprehensive set of entity-centric measures or indicators tied to performance requirements can represent a visible strategic foundation for alignment of all associated activities with entity-centric goals.

View Part I of the Synchronizing Balanced Scorecards series here


Aug 27 2009   8:16PM GMT

Synchronizing Balanced Scorecards - Part III



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Management System, Service Measurement, Strategic Performance, Strategic Planning, ITG

Balanced Scorecard is a strategic planning and management system that can be utilized in for-profit and not-for-profit entities for business activities alignment to the organizational mission, communication improvement as well as monitoring performance against strategic goals. Balanced Scorecard is considered a ‘value-added’ performance measurement framework — through strategic non-financial performance measures — that supplies expanded organizational performance visualization. Methodologically, Balanced Scorecard builds on a few previously established management concepts including customer-defined quality, continuous improvement, employee empowerment, and ‘measurement-based’ management as well as feedback.

Balanced scorecard deployment integrates feedback from internal business process outputs while obtaining feedback from business strategy outcomes. Consequently, this creates a “double-loop feedback” system within the balanced scorecard implementation. The standardized Balanced Scorecard perspectives are: Learning and Growth, Business Process, Customer, and Financial. This general balanced scorecard theory can transmute to measure information security objectives achievement utilizing Business Contribution, Future Orientation, Operational Excellence, and Customer Orientation categories for continuously improving strategic performance and results.

View Part I of the Synchronizing Balanced Scorecards series here


Aug 24 2009   7:13PM GMT

Synchronizing Balanced Scorecards - Part II



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Service Measurement, Strategic Performance, Strategic Planning, ITG

Typically, measures or indicators should be selected from factors that lead to improved employee, customer, operational, and/or financial performance. Performance measures or indicators are assessable products’ or services’ characteristics utilized to track and improve organizational results. Most modern entities depend upon performance measurement and analysis to ensure directional attentiveness. Measurements should be derived from the entity’s strategy and provide critical data and information about key processes, systems and programs. Correspondingly, one major consideration in performance improvement involves the creation and usage of performance measures or indicators. Through analysis of data generated by deployed tracking processes, adopted measures or indicators may be adaptively evaluated and changed to improve managerial goals support.

View Part I of the Synchronizing Balanced Scorecards series here


Aug 20 2009   7:58PM GMT

Synchronizing Balanced Scorecards - Part I



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Service Measurement, Strategic Performance, Strategic Planning, ITG

With the introduction of ‘Balanced Scorecard’ theory, management has the option to view the entity from four perspectives and develop metrics, collect data as well as perform analyses relative to standardized abstraction levels. Organizational balanced score-carding provides a visible prescription regarding what an entity should measure to symmetrize the generally supported financial approach that has overshadowed holistic management. By definition, the Balanced Scorecard is a management system that enables vision and associated strategy crystallization for focused execution. However, Balanced Scorecard also drives feedback from internal business processes and external outcomes in order to continuously improve strategic performance and results. When managerially integrated, the balanced scorecard transforms strategic planning from periodic documentation drills into addressable governance items.