Dr. Alain Jacot-Descombes, CIO / UNIGE

Transcription

1 Qui est responsable de l'information (numérique) au sein de l'entreprise? Retour d'expérience de l'unige dans la gouvernance de son système d'information Who is responsible for the (digital) information within the company? Practical experiences from the UNIGE in the governance of its information system Dr. Alain Jacot-Descombes, CIO / UNIGE SWITCH Executive Focus, 19th March 2015, Bern 1

2 Agenda Ø Data / Information Ø Digital Enterprise Ø Information UNIGE Ø Cyber Risks Ø Conclusion 2

3 Data / Information : from Prehistory to Digital Era «People or computers can find patterns in data to perceive information, and information can be used to enhance knowledge» 3

4 The Physical Nature of Information 1370 AC 1200 BC BC 1454 AC 2400 BC 196 BC «Lascaux painpng» par Prof saxx Travail personnel. Sous licence CC BY- SA 3.0 via Wikimedia Commons - h'p://commons.wikimedia.org/wiki/file:lascaux_painpng.jpg#mediaviewer/file:lascaux_painpng.jpg «Ritmal- Cuneiform tablet - Kirkor Minassian collecpon - Library of Congress». Sous licence Domaine public via Wikimedia Commons - h'p://commons.wikimedia.org/wiki/file:ritmal- Cuneiform_tablet_- _Kirkor_Minassian_collecPon_- _Library_of_Congress.jpg#mediaviewer/File:Ritmal- Cuneiform_tablet_- _Kirkor_Minassian_collecPon_- _Library_of_Congress.jpg h'p://commons.wikimedia.org/wiki/file%3abookdead.jpg [Public domain], via Wikimedia Commons from Wikimedia Commons «Rose'a Stone» par Hans Hillewaert. Sous licence CC BY- SA 4.0 via Wikimedia Commons - h'p://commons.wikimedia.org/wiki/file:rose'a_stone.jpg#mediaviewer/file:rose'a_stone.jpg Cologny, FondaPon MarPn Bodmer, Cod. Bodmer 78, f. 1r Guido de Columnis, Historia destrucponis Troiae (h'p:// codices.unifr.ch/en/list/one/fmb/cb- 0078) «Gutenberg Bible» par Raul654. Sous licence CC BY- SA 3.0 via Wikimedia Commons - h'p://commons.wikimedia.org/wiki/file:gutenberg_bible.jpg#mediaviewer/file:gutenberg_bible.jpg AJD / Who is responsible for the (digital) information within the company? 4

5 The Physical Nature of Information UK Newcastle University Library??? Data format? Data locapon? Data owners? Archived Data? AJD / Who is responsible for the (digital) information within the company? 5

6 Data / Information in the Digital World Data o facts and statistics collected together for reference or analysis Big Data Information o facts provided or learned about something or someone o data as processed, stored, or transmitted by a computer. Fast Data Smart Data 6

7 Information / Data Assets of the Universities Research Data Teaching & Learning Data Administrative Data some of them with regulatory requirements : o Personnal data o Financial data o Reference / master data o Research data linked to patent, publication o Medical data o Historical data o etc. 7

8 Digital Enterprise : How to master the Information System and to leverage Information Technology for the Business? 8

9 The Information System of an Enterprise Governance An information system is a system composed of people and computers that processes or interprets information (wikipedia) Management & Opera.ons People Informa(on Processes Tools 9

10 Optimized the Enterprise through Digitalization Services Business Model IT Business Process InformaPon Delivery Value Joint Business & IT Initiatives : to transform the business model to create new, value-added services to simplify and to optimize the business processes to manage information to save costs NB: IT costs is ~4% of Enterprise costs à the 96% costs should be challenged through digitalization 10

11 Information System Framework and Responsibilities Enterprise Strategy Enterprise Architecture the business processes are based on (computerized) informa(on and func(ons, implemented by databases and applica(ons that are supported by technical infrastructures Demand Risks Risks Service CxO CyO CzO CTO CIO CISO Processes & Informa.on (func?onal domains) Informa.on System (IS) Informa.on Technologies (IT) IS Risks & Security 11

12 Information UNIGE 12

13 The Functional Domains of the UNIGE IS The UNIGE Information System (IS) has been divided into 9 functional domains. TEACHING FINANCE STUDENT LIFE GENERAL MANAGEMENT HUMAN RESOURCES RESEARCH LIBRARY LOGISTICS INFORMATION SYSTEM For each funcponal domain, the IS project & service porfolio is coordinated by a Commi'ee, that is composed of : CxO / business director (president) a CIO deputy a PMO member some key stakeholders 13

14 IS UNIGE Informa.on System (IS) Framework COCSIM COCSIM COCSIM COCSIM COPIL COPIL COPIL CIO According to strategies, / ISG Office priori?zing and funding the IS ins?tu?onal porbolio RECTORATE Business Processes Informa(on & Func(ons Databases & Applica(ons Technical Infrastructures M IN IN O R E V O LU LU T II O N S M AJ O R E V O L U T I O N S CxO CTO Business Architecture InformaPon Architecture ApplicaPon Architecture Infrastructure Architecture CAT Enterprise Architecture PMO ISG Office : IS Governance Office (IS ins?tu?onal porbolio) COCSIM : Porrolio Steering Commi'ee (IS func?onnal porbolio) COPIL : Project Steering Commi'ee PMO : Project Management Office (PPM) AJD / Who CAT is : IS responsible Architecture for Commission the (digital) information within the company? 14

15 IS UNIGE IS Project Manager Business Processes Informa?on & Func?ons Databases & Applica?ons Technical Infrastructures M AJ O R E V O L U T I O N IS Project Folder PMO Project description Project evaluation (radar) Financial Resources Project Organisation Solution description CAT analysis & statement CAT The CAT is screening / valida?ng many aspects of the project and the solu?on, both on business and IT sides data owners? data sensi(vity? data life cycle? access rights? archived data? legal issues? risks? SLA? hos(ng? architectures? Cloud services? 15

16 Information Security Management UNIGE The ISMS is part of the IS Governance framework and contributes to the Internal Control System (ISC) Business Processes Informa?on & Func?ons Databases & Applica?ons Technical Infrastructures Risks Risks CISO IS Risks & Security Securing (digital) information and services Based on the ISO standard / best practices Risk management process Plan-Do-Check-Act cycle (continuous improvement) Involving management and users 16

17 Cyber Risks 17

18 National strategy for Switzerland s protection against cyber risks (NCS, adopted by the Federal Council on June 27, 2012 ) cyber a'acks are carried out on computers, networks and data cyber a'acks are becoming more professional and dangerous state authoripes and administrapons at all levels (ConfederaPon, cantons, communes) can also be vicpms of cyber a'acks. They can be affected in their legislapve, execupve or judiciary funcpons, but also as operators and users of cripcal infrastructure or research insptupons efforts to ensure protecpon can collide with other equally legipmate interests First and foremost, the individual players are themselves responsible for maintaining and oppmising protecpve measures for minimising cyber risks 18

19 The Cloud strategy complements Switzerland s egovernment strategy regarding the use of cloud computing : o o o Cloud strategy (approved on ) «Cloud first» strategy for IS solutions (as in USA, EU) The cloud strategy addresses the identified risks and thereby supports risk-aware and responsible use of cloud computing services The cloud user assumes the responsibility for the use of cloud services and outsourcing of data in the cloud 19

20 The Research Community needs secured Cloud services (infrastructure & support) for High Performance Computing Data Management InsPtuPonal Clouds SWISS ACADEMIC CLOUD AJD / Who is responsible for the (digital) information within the company? 20 20

21 Conclusion 21

22 The informa.on security in the enterprise... is a managerial responsibility has to be organized and embedded in the working environment requires adapted measures Involves all actors 22

23 Thank you for your attention h'p:// execupve- transformaponal- cio 23