Key Considerations for Information Technology Governance. 900 Monroe NW Grand Rapids, MI 49503 (616) 632-8000



Similar documents
TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO

Introduction to Enterprise Risk Management at UVM DRAFT

CISM (Certified Information Security Manager) Document version:

Does it state the management commitment and set out the organizational approach to managing information security?

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Information Security for Managers

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter

ESKISP Direct security testing

Information Security Management System Policy

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

Cybersecurity and internal audit. August 15, 2014

Wright State University Information Security

Managed Services For Business FAQ Blue Saffron IT Resource Management

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Information Governance for Healthcare Executives. Lesley Kadlec, MA, RHIA Lydia Mays Washington, MS, RHIA, CPHIMS

Preemptive security solutions for healthcare

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE ( ) ON THIRD PARTY RELATIONSHIPS

The Information Assurance Process: Charting a Path Towards Compliance

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

SECURITY RISK MANAGEMENT

INTERNATIONAL SOS. Information Security Policy. Version 1.02

Cybersecurity for Medical Devices

Question: 1 Which of the following should be the FIRST step in developing an information security plan?

ASAE s Job Task Analysis Strategic Level Competencies

Cyberprivacy and Cybersecurity for Health Data

How To Implement Data Loss Prevention

INFORMATION SECURITY STRATEGIC PLAN

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

Rogers Insurance Client Presentation

National Institute of Standards and Technology Smart Grid Cybersecurity

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

SAM Benefits Overview

Aligning Compliance Program Priorities with Business Objectives

ESKISP Conduct security testing, under supervision

Cybersecurity Framework Security Policy Mapping Table

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Why you should adopt the NIST Cybersecurity Framework

Patch and Vulnerability Management Program

WMACCA Small Law Department Initiative. Scaling a Compliance Program To Your Organization And Small Law Department

Information Security Management System Information Security Policy

Risk Considerations for Internal Audit

Security Services. A Solution for Providing BPM of Security Services within the Enterprise Environment.

HIPAA Privacy Rule Policies

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

How to build a great compliance program for your U.S. imports

Federal Bureau of Investigation s Integrity and Compliance Program

Our Commitment to Information Security

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

CA Technologies Healthcare security solutions:

Risk Management Policy

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

Cyber Risks in the Boardroom

Certified Identity and Access Manager (CIAM) Overview & Curriculum

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Information Security Management System (ISMS) Policy

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Any business relationship between a bank and another entity, by contract or otherwise

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1

Audit, Risk Management and Compliance Committee Charter

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

HP Cyber Security Control Cyber Insight & Defence

Healthcare and IT Working Together KY HFMA Spring Institute

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies

Aon Risk Solutions Aon Crisis Management. Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Operation of Aircraft

An Information Security and Privacy Perspective for Procurement Services Projects

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Information Security Governance:

Managing data security and privacy risk of third-party vendors

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Transcription:

Key Considerations for Information Technology Governance

What is IT Governance? Big Picture approach to information and data management Sets priorities: Managing performance Delivering value Managing risk Ensuring compliance Sets direction for policies and procedures

What is IT Governance (continued) Governance = planning the framework for what is to be achieved (objectives) Management = directing how objectives will be achieved Operations = achieving the objectives by doing the work

Why is IT Governance Needed? Business needs should drive technology choices Information and reputation drive a business value Risks and threats to information and data are real, and protection of information and data security is not just a technical task for IT personnel Security breaches could significantly impact business Reputational damage should not be underestimated

Benefits of Proactive Governance Ensures privacy, confidentiality and security Produces timely and accurate data through regular audits and consistent standards and streamlined processes Improved data usability through monitoring data for consistency with organizational vision and stakeholder needs Increased data security through implementation and application of security plan

Benefits of Proactive Governance Reduce risk of information loss and interruption of operations Increased business value Optimization of resources Mitigation of risk of civil and legal liability

Goals of IT Governance Identify strategic objectives Provide direction to align IT use with business strategy Create a system to oversee the use of information and related technology

Governance Program Components Policies and Standards What are the rules of engagement? Organizational bodies and individuals Process

Policies and Standards Mission/vision Goals and objectives Data rules Decision rights Responsibilities Security controls for risk management

Organizational bodies and individuals Who is responsible for ensuring that the governance program is implemented efficiently and effectively? Identify all relevant stakeholders

Process Identify and document all processes required for implementing, managing, and modifying a data governance program Proactive, ongoing, reactive processes Address all forseen data governance activities and describe specific methods for managing data E.g., setting standards prior to data collection, ongoing program maintenance, modifications to security policies after a data breach

Data Governance Program Implementation Create a data governance team Define data governance policies and procedures Deploy the data governance program Monitor and report program progress

Governance Focus Areas Defining decision making authority, roles and responsibilities Data security and risk management Establish a security management plan to mitigate risks Specify rules for work related and personal use of computer and data systems Assess data risks to identify vulnerabilities Identify procedures for handling data security breaches Train staff to ensure compliance with policies and procedures

Governance Focus Areas Data inventorying and data content management Data records management and data access Data quality Data sharing and reporting

Questions? Jennifer Puplava (616) 632-8050 jpuplava@mmbjlaw.com Copyright 2015, Jennifer A. Puplava, Mika Meyers Beckett & Jones PLC. This presentation is to assist in a general understanding of the legal issues involved, and is not intended as legal advice. Persons with particular questions should seek the advice of counsel.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information