California Association of Independent Schools. 2014 Trustee & School Head Conference

Similar documents
SENIOR SYSTEMS ANALYST

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

FUNCTIONAL AREA 12. Network Administration (NET)

INFORMATION TECHNOLOGY ENGINEER V

1. INTRODUCTION AND CONTACT INFORMATION

IT Networking and Security

BUSINESS CONTINUITY PLANNING

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

Information Security Program Management Standard

SharePoint and Security: A Survey of SharePoint Stakeholders

INFORMATION TECHNOLOGY PLAN. THE ENLARGED CITY SCHOOL DISTRICT OF TROY, NEW YORK 2920 Fifth Avenue, Troy, NY

Strategic Goals. 1. Information Technology Infrastructure in support of University Strategic Goals

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

Certified Information Professional 2016 Update Outline

NOS for Network Support (903)

COMPUTER TECHNOLOGY ACCEPTABLE USE & INTERNET SAFETY

Business Continuity and Capacity Building

Cisco Advanced Services for Network Security

County of Hanover. Board Meeting: May 28, Presentation - Information Technology Department Strategic Plan

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

The University of Alabama at Birmingham. Information Technology. Strategic Plan

AGENDA ITEM BACKGROUND TO: GOVERNING BOARD ITEM NUMBER

NETWORKING ENTERPRISE SPECIALIST VoIP Project (New position)

Appropriate Use Policy for Information Technology

Eastern Illinois University information technology services. strategic plan. January,

Information Technology Strategic Plan /23/2013

Business Continuity Planning and Disaster Recovery Planning

State of Oregon. State of Oregon 1

Records and Information Management

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Information Technology Strategic Plan

Information Technology Risk

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer

White Paper. Managed IT Services as a Business Solution

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

INFORMATION TECHNOLOGY SECURITY STANDARDS

TRUCKEE DONNER RECREATION & PARK DISTRICT INFORMATION TECHNOLOGY ADMINISTRATOR

Lincoln Public Schools Technology Plan. Vision for Technology Integration

Information Technology Project Management (ITPM)

The Ultimate Guide to Buying HR Software for your Growing Business. Get your decision right with this step-by-step guide!

University of Central Florida Class Specification Administrative and Professional. Network Operations Manager (Enterprise)

Strategic Plan for Technology

IT Networking and Security

Data Security Best Practices & Reasonable Methods

ISO Controls and Objectives

CHAPTER 2: Staffing ROLES OF STAFF. Roles Required to Provide Tech Support

Business Continuity Planning (800)

Modern Manufacturing in the Cloud

Information Security Policies and Procedures Development Framework for Government Agencies. First Edition AH

The PNC Financial Services Group, Inc. Business Continuity Program

INFORMATION SYSTEMS MANAGER

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. Session Objectives. Introduction Tom Walsh

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

CDC UNIFIED PROCESS JOB AID

ICTTEN5204A Produce technical solutions from business specifications

Continuity of Business

Information Security Program

CTAA - SAFETY AND SECURITY OFFICER PROGRAM (CSSO)

YORK REGION DISTRICT SCHOOL BOARD

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

Village of Hastings-on-Hudson Electronic Policy. Internal and External Policies and Procedures

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

Audit Report 2015-A-0001 December 23, 2014 Redacted

Cloud-based Office 365 provides substantial cost, flexibility benefits over server-based system

Information Technology: This Year s Hot Issue - Cloud Computing

BUDGET LETTER PEER-TO-PEER FILE SHARING , , EXECUTIVE ORDER S-16-04

Can Your Diocese Afford to Fail a HIPAA Audit?

CAMPUS IT PRIORITIES, 2012

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

Disaster Recovery Planning

Cal Poly Information Security Program

ABS Information Systems Inc. 307 Lesmill Rd, Toronto, Ontario, Canada, M3B 2V1 Phone:

Corporate Property Automated Information System CPAIS. Privacy Impact Assessment

Creating a Business Continuity Plan for your Health Center

Cloud Roadmap to Success. October, 2014

INFORMATION RESOURCE MANAGEMENT

Information Technology Manager Training Needs Assessment Evaluation Form. Personal/Position Information

Learn Serve Lead. Association of American Medical Colleges

WHITE PAPER SMB Business Telephone Systems Options to Ensure Your Organization is Future Ready. By Peter Bernstein, Senior Editor TMCnet.

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE

Berkeley City College Technology Plan

Business Resiliency Business Continuity Management - January 14, 2014

GRAND ERIE DISTRICT SCHOOL BOARD

Zonal Director Eastern Zone, DRC

Running head: LESSONS LEARNED FROM A BEGINNING MATH COACH 1. Lessons Learned from a Beginning Math Coach. Susan Muir.

Critical Controls for Cyber Security.

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

Management of Health, Safety and the Environment

Information Technology Services

Title goes here. Critical Access Hospital Workshop Affordable Information Technology For Smaller Health Care Organizations

Business Continuity Planning for Risk Reduction

Electronic Document Management is it time?

New Mexico Highlands University (NMHU) Information Technology Services (ITS) Information Technology Resources Policy: Internet, Intranet, ,

chieving organizational and management excellence

FFIEC Cybersecurity Assessment Tool

Cloud Computing Safe Harbor or Wild West?

Transcription:

California Association of Independent Schools 2014 Trustee & School Head Conference Technology: Strategic IT Planning, Risk Assessment & Asset Protection Presenters: James Busby, The Buckley School Denise Gutches, DKG Consulting, Inc. Bob Green CPA.CITP, SingerLewak

Work with Faculty Dir. Educational Technology Summer Tech Institutes Department-specific trainings (new building tech) Professional development days faculty & departmental) Lower School Technology Taskforce Drop-in Tech Discussions (Fridays) Peer-to-peer informal networks (full

Initiatives in progress Evaluation of BYOD ebooks Flipped classrooms Cross-discipline collaboratives

Technology at Buckley

Essential questions for IT investment The waterpark problem Pool? Waterslide? Superslide? When to jump vs. when to dip toes How to best support a great teacher with technology vs. slow them down Love the teacher, not the tool

Strategic IT Planning Risk Assessment & Asset Protection Governance The Strategic Information Technology Plan IT Budgeting and Asset Management Staffing and Organizational Structure Policies and Procedures

IT GOVERNANCE IT Governance is about the stewardship of IT resources on behalf of the organization s stakeholders who expect a return from their investment. The directors responsible for this stewardship will look to the management to implement the necessary systems and IT controls. Governance should encompass risk management, ensuring compliance, delivering value from IT, and measuring IT performance. Who at your school is responsible for IT Governance? Who should be? Do you need outside help to evaluate your IT function and environment?

THE STRATEGIC IT PLAN CRITICAL CONTENTS OF A STRATEGIC TECHNOLOGY PLAN INCLUDE: Link of IT initiatives to school-wide strategic initiatives and objectives IT initiatives each is illustrated with: Narrative of purpose, beneficiary, responsible party/sponsor, etc. Link to academic and operational initiatives, risk management and compliance objectives Budgets, resources and highlighted project plan Critical success factors, risk factors, and measurement methodologies for each initiative REMINDERS: It is a living document requires periodic monitoring, prioritizing and updating Bring in the IT planning early in an expansion or facilities project!

IT Asset Management IT Inventory and Asset Replacement Plan Hardware Software Infrastructure Research on new technology, trends, etc. Determining optimal time for replacement, upgrade or implementation of new IT

IT Asset Management BUDGETING 3-5 year budget Hardware Software Capital Improvements Staffing Operations Professional Development Typically, technology spending should average between 6-8% of the total operating budget

IT Asset Management BUDGETING Professional Development Faculty training IT staff training and certifications Conferences and workshops Research of new technologies & trends Capital Improvements INFRASTRUCTURE Cabling Network switching and routers Wireless Access Points Video distribution Telecommunications Security

Total Cost of Ownership and Return on or Value of Investment TCO focuses on ALL costs of asset acquisition Initial purchase All costs to support and maintain (staff time; licensing; upgrades; etc.) ROI or VOI Estimate the financial impact of a proposed project; Determine the total cost of ownership; Outline a project s qualitative benefits in support of a school s mission and enhancement of the learning environment.

IT STAFF, COMPETENCY, FIT & STRUCTURE NEED TO EVALUATE SKILL, ATTITUDE, CONTINGENCY PLANS Staff competency consistent with skills required for strategic IT initiatives? Do you have an appropriate mix of internal IT staff and outside resources? SuperRisk of departure (planned, or not) of your IT leader They hold the keys to your kingdom Can you ensure their tenure, and honesty? Can you take honesty to the bank? vision: who can, or should supervise: a) the IT staff? b) IT leadership c) IT advisors? Establish IT leadership departure protocols and contingencies Is your school s IT environment in the right hands?

STAFFING AND ORGANIZATIONAL STRUCTURE ADEQUATE STAFF SUPPORT Corporate: User/IT Staff = 50/1 Schools Non-Academic IT Staff: # of Computers/IT Support Staff = Risk Level Schools Academic IT Staff: # of Faculty/Academic IT Staff = Risk Level RISK LEVEL: The higher the number, the greater the risk of loss, dowtime, lack of support, etc.

INFORMATION SECURITY Threats from inside and out OUTSIDE RISKS INCLUDE: Hacking into private information, registrar database, family financial data Takedown of systems INSIDE RISKS INCLUDE: Administrators, students or faculty abusing systems Compromising/stealing sensitive information Unauthorized access to software and data (registrar, financial aid, admissions, development) Inappropriate use of systems causing litigation and criminal exposure Where do you believe your school has more exposure from? Inside, or outside?

DISASTER PREPAREDNESS ISSUES INCLUDE: Determining what risks to prepare for Satisfactory time for resumption of operations and to what extent is needed? Cost/benefit of mitigation ACTIONS: Disaster Preparedness Assessment Prepare an overall Business continuity plan, including IT issues Has your school kept up on this important matter? What is the expectation from parents?

NETWORK INFRASTRUCTURE Sustainability of your school s network design What is network infrastructure? Common example, sadly: Design choices: hosted, cloud, hybrid Important: Quality of components Effectiveness of configurations Cloud computing Yes, this is really all you need if you are fully cloud-based. Consider where the risks are, now Scalability Maintenance and support policies Is your school s network effectively designed?

NETWORK INFRASTRUCTURE Documentation for good measure DOCUMENTATION OF THE NETWORK INCLUDES: Topology (keep it current!) Vendor agreements and documentation, contracts, terms, expirations (Hardware, software, connectivity, service providers, contractors, etc.) Password schemes and policy Maintenance logs Network management policies and procedures Disaster Recovery Plan - or - Business Continuity Plan (if available) Configurations Hardware profiles Is your school s network adequately documented? Is there a copy in a safe place?

INFORMATION MANAGEMENT INFORMATION MANAGEMENT INCLUDES PROCESSES TO: Store and hold information Organize information Secure information Retain and/or systematically archive information Destroy information Utilize information Timely delivery of information Accurate delivery of information Are you confident in your school s current information management practices?

SOCIAL COMPUTING, SOCIAL MEDIA PRACTICES THE RISK: Lack of internal controls and monitoring can lead to rogue, non-monitored, nonregulated postings, websites, tweets any ramifications?? RECOMMEND: Social Media policies, Monitoring, Self-governance (everyone plays a role) RELATED CHALLENGE: budgeting for social media presence among school communications Website external facing Website internal facing, intranet Facebook page(s) Twitter, other mediums Is your school s brand protected from abuse? Are there ramifications from unsuitable behavior?

SOFTWARE, WORK FLOWS, AND THE USE OF INFORMATION FOCUS: Mission critical applications, work flows, data Secret: your processing tools and practices are NEVER done, or perfect FOCUS: Information model capture what matters most, then use it APPROACH: work backwards end in mind So, how do you feel about your ability to get information that matters to you?

IT BUDGETING CONTENTS are the line items valid, needed, appropriate? EXPENDITURES competitively priced? You sure? Don t just rubber stamp same as last year Investigate! Consider your school s approach to IT budgeting. Are monies being spent in concert with priorities from your strategic IT plan?

IT POLICIES AND PROCEDURES Network Management Password Document retention and destruction (e-file management and email management) Disaster Recovery Plan Acceptable Use Internet Safety and Social Media Purchasing Inventory Control

CLOSING With regard to information technology, remember: IT Governance is YOUR responsibility Assess your risks Prepare a Strategic IT Plan and monitor it Information Technology initiatives should follow the school s objectives Prepare, manage, and measure IT staff, and system performance Prepare for disasters, contingencies, and loss of key IT personnel

CONTACT US James Busby Head of School, The Buckley School, jbusby@buckley.org 818.783.1610 Denise Gutches CEO, DKG Consulting, Inc. Strategic Planning, Business Management and Project Management denise@dkgconsult.com 818.566.6610 Bob Green, CPA.CITP Partner, Practice Leader - SingerLewak bgreen@singerlewak.com 818.251.1359

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information