Dr. Alain Jacot-Descombes, CIO / DSI @ UNIGE

Transcription:

Who is responsible for the (digital) information within the company? Practical experiences from the UNIGE in the governance of its information system. Dr. Alain Jacot-Descombes, CIO / DSI @ UNIGE. SWITCH Executive Focus, 19th March 2015, Bern 1

Agenda Ø Data / Information Ø Digital Enterprise Ø Information System @ UNIGE Ø Cyber Risks Ø Conclusion 2

Data / Information : from Prehistory to Digital Era «People or computers can find patterns in data to perceive information, and information can be used to enhance knowledge» 3

The Physical Nature of Information 1370 AC 1200 BC 15000 BC 1454 AC 2400 BC 196 BC
«Lascaux painting» by Prof saxx, own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/file:lascaux_painting.jpg#mediaviewer/file:lascaux_painting.jpg
«Ritmal-Cuneiform tablet - Kirkor Minassian collection - Library of Congress». Licensed under public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/file:ritmal-Cuneiform_tablet_-_Kirkor_Minassian_collection_-_Library_of_Congress.jpg#mediaviewer/File:Ritmal-Cuneiform_tablet_-_Kirkor_Minassian_collection_-_Library_of_Congress.jpg
http://commons.wikimedia.org/wiki/file%3abookdead.jpg [Public domain], via Wikimedia Commons from Wikimedia Commons
«Rosetta Stone» by Hans Hillewaert. Licensed under CC BY-SA 4.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/file:rosetta_stone.jpg#mediaviewer/file:rosetta_stone.jpg
Cologny, Fondation Martin Bodmer, Cod. Bodmer 78, f. 1r Guido de Columnis, Historia destructionis Troiae (http://www.e-codices.unifr.ch/en/list/one/fmb/cb-0078)
«Gutenberg Bible» by Raul654. Licensed under CC BY-SA 3.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/file:gutenberg_bible.jpg#mediaviewer/file:gutenberg_bible.jpg
AJD / 19.03.2015 Who is responsible for the (digital) information within the company? 4

The Physical Nature of Information UK Newcastle University Library ??? Data format? Data location? Data owners? Archived Data? 5

Data / Information in the Digital World Data o facts and statistics collected together for reference or analysis Big Data Information o facts provided or learned about something or someone o data as processed, stored, or transmitted by a computer. Fast Data Smart Data 6

Information / Data Assets of the Universities Research Data Teaching & Learning Data Administrative Data some of them with regulatory requirements : o Personal data o Financial data o Reference / master data o Research data linked to patent, publication o Medical data o Historical data o etc. 7

Digital Enterprise : How to master the Information System and to leverage Information Technology for the Business? 8

The Information System of an Enterprise Governance An information system is a system composed of people and computers that processes or interprets information (Wikipedia) Management & Operations People Information Processes Tools 9

Optimizing the Enterprise through Digitalization Services Business Model IT Business Process Information Delivery Value Joint Business & IT Initiatives: to transform the business model; to create new, value-added services; to simplify and to optimize the business processes; to manage information; to save costs. NB: IT costs are ~4% of Enterprise costs → the 96% costs should be challenged through digitalization 10

Information System Framework and Responsibilities Enterprise Strategy Enterprise Architecture: the business processes are based on (computerized) information and functions, implemented by databases and applications that are supported by technical infrastructures. Demand Risks Risks Service CxO CyO CzO CTO CIO CISO Processes & Information (functional domains) Information System (IS) Information Technologies (IT) IS Risks & Security 11

Information System @ UNIGE 12

The Functional Domains of the UNIGE IS The UNIGE Information System (IS) has been divided into 9 functional domains. TEACHING FINANCE STUDENT LIFE GENERAL MANAGEMENT HUMAN RESOURCES RESEARCH LIBRARY LOGISTICS INFORMATION SYSTEM For each functional domain, the IS project & service portfolio is coordinated by a Committee that is composed of: CxO / business director (president); a CIO deputy; a PMO member; some key stakeholders 13

IS Governance @ UNIGE Information System (IS) Framework [Diagram labels: RECTORATE; According to strategies, prioritizing and funding the IS institutional portfolio; CIO / ISG Office; COCSIM; COPIL; CxO; CTO; PMO; CAT; Business Processes; Information & Functions; Databases & Applications; Technical Infrastructures; MINOR EVOLUTIONS; MAJOR EVOLUTIONS; Enterprise Architecture; Business Architecture; Information Architecture; Application Architecture; Infrastructure Architecture] ISG Office : IS Governance Office (IS institutional portfolio) COCSIM : Portfolio Steering Committee (IS functional portfolio) COPIL : Project Steering Committee PMO : Project Management Office (PPM) CAT : IS Architecture Commission 14

IS Project @ UNIGE IS Project Manager Business Processes Information & Functions Databases & Applications Technical Infrastructures MAJOR EVOLUTION IS Project Folder PMO Project description Project evaluation (radar) Financial Resources Project Organisation Solution description CAT analysis & statement CAT The CAT is screening / validating many aspects of the project and the solution, both on business and IT sides: data owners? data sensitivity? data life cycle? access rights? archived data? legal issues? risks? SLA? hosting? architectures? Cloud services? 15

Information Security Management System @ UNIGE The ISMS is part of the IS Governance framework and contributes to the Internal Control System (ISC) Business Processes Information & Functions Databases & Applications Technical Infrastructures Risks Risks CISO IS Risks & Security Securing (digital) information and services; Based on the ISO 27001 standard / best practices; Risk management process; Plan-Do-Check-Act cycle (continuous improvement); Involving management and users 16

Cyber Risks 17

National strategy for Switzerland's protection against cyber risks (NCS, adopted by the Federal Council on June 27, 2012): cyber attacks are carried out on computers, networks and data; cyber attacks are becoming more professional and dangerous; state authorities and administrations at all levels (Confederation, cantons, communes) can also be victims of cyber attacks. They can be affected in their legislative, executive or judiciary functions, but also as operators and users of critical infrastructure or research institutions; efforts to ensure protection can collide with other equally legitimate interests. First and foremost, the individual players are themselves responsible for maintaining and optimising protective measures for minimising cyber risks 18

The Cloud strategy complements Switzerland's eGovernment strategy regarding the use of cloud computing: Cloud strategy (approved on 25.10.2012). «Cloud first» strategy for IS solutions (as in USA, EU). The cloud strategy addresses the identified risks and thereby supports risk-aware and responsible use of cloud computing services. The cloud user assumes the responsibility for the use of cloud services and outsourcing of data in the cloud 19

The Research Community needs secured Cloud services (infrastructure & support) for High Performance Computing Data Management Institutional Clouds SWISS ACADEMIC CLOUD 20

Conclusion 21

The information security in the enterprise... is a managerial responsibility; has to be organized and embedded in the working environment; requires adapted measures; involves all actors 22

Thank you for your attention http://www.russellreynolds.com/content/elevator-executive-transformational-cio 23