IT Governance _M2 Flashcards
What is IT Governance?
- A primary goal of IT governance is aligning policies and practices with organizational objectives.
- One of the key components of proper IT governance is data availability.
- Information that isn’t available to employees when they need it provides no benefit.
- IT governance is the responsibility of the board of directors and executive management, the company’s corporate strategy, and its vision.
- Strong IT governance models have both people and policies in place that help organizations reach their objectives.
What are the key components in IT Governance?
- Architecture.
- The Availability of Data.
- Metadata Structure.
- Governance policies.
- Data quality.
- Regulations.
- Data security.
- Vision Statement
- Corporate Strategy
Who is responsible for IT Governance?
Executive Management structures IT governance controls.
- Concerned with making sure the IT governance structure is in place and is executed.
- Executives are responsible for designing governance controls for middle managers and others in lower-level positions so that those controls are executed correctly.
- Executive management also exemplifies the attitude toward the IT governance policies in place, which is part of the governance structure’s effectiveness.
- Day-to-day planning is reserved for executive management.
The Board of Directors typically holds ultimate responsibility for all governance processes and appoints executives to ensure the proper structures are in place to meet governance standards.
- The board of directors holds responsibility for all IT governance policies, but it does not get involved in the daily planning or enforcement of those policies.
Middle Managers execute and enforce the standards, ensuring that subordinates follow those controls as designed.
- Carries out the policies that upper management and the board of directors put in place, ensuring that those at lower levels are also executing IT governance controls.
IT Support Staff: IT support may be involved in the formation of IT governance controls and policies but will not create it.
What are the advantages and disadvantages of the DDP Model?
Distributed Data Processing
ADVANTAGES
- It reduces costs by allowing data to be entered and edited locally.
- It provides the ability to back up computing facilities to protect against potential hazards such as fires and flood.
DISADVANTAGES
- It enables an organization to exert greater control over its IT environment.
- It shifts central control into a distributed community with more localized governance and control.
- This shift will lead to a reduction in overall control.
What are the different types of transaction processing?
CENTRALIZED NETWORKS:
- Are a single entity or a small concentration of entities processing transactions.
- Centralized processing environments maintain all data and perform all data processing at a central location.
- Processing is not performed at remote locations.
DECENTRALIZED NETWORKS:
- Rely on multiple entities.
- Decentralized (distributed) processing, also referred to as a distributed ledger or blockchain, is a form of processing that uses multiple independent computers to validate a group (block) of transactions at a time.
- Adds transparency and security to the overall network.
HYBRID:
Which are both combined.
What is a internet service provider vision and corporate strategy to achieve?
Vision is to provide reliable and consistent network connectivity for all customers.
Corporate Strategy
- All IT personnel on company payroll.
- A physical network.
- Quick disaster recovery speeds.
What does IT Governance use to create its IT Strategy?
- Corporate Strategy: A Corporate strategy defines a company’s business model, and if that model relies heavily on technology as a competitive advantage, then it will greatly impact the IT strategy.
- Vision Statement: A vision reveals a company’s goals and aspirations.
- Regulations: are applicable to a company’s IT strategy because it and its users are stewards of the data transmitted across the company’s systems.
What are IT Support Staff?
- Employees who help maintain an IT environment after it has been designed and implemented.
- The roles of those employees will depend on the IT strategy devised.
What is supporting documentation for IT Security Policy?
- A security policy outlines how an organization will protect its tangible and intangible IT assets.
- This document covers guidelines for hardware use, software use, personnel conduct, and internal IT controls.
Supporting Documents
- Industry regulations:Especially if regulations deal with the use of how data is handled, such as healthcare or personal records.
- Performance standards for IT assets: Benchmarks or standards for how IT software and hardware should be performing would be included in a security policy.
- Protocols for IT processes: Security protocols or normal operating protocols for varying IT processes would be included in an IT security policy because these govern the way the IT function should work.
How does IT help with managements strategic decision-making process?
- By providing relevant and reliable data that reduce uncertainty.
- IT provide Factual, Accurate, Correct, Timely information that organizations need to make strategic decisions with based on the information they have at hand and what they foresee in the future.
- Managers execute sound decisions based on information they receive from, information technology, people, processes, and systems.
What are the typical functions of the Steering Committee?
- Ensuring that top-management gives its participation, guidance, and control.
- They facilitate coordination and integration of information systems activities to increase goal congruence and reduce goal conflict.
- Setting governing policies for the various information systems within the company.
- Reviews and approves long-range plans and oversees its information systems.
What does the Project Development Team do?
- They are responsible for frequently communicating and working with users during the systems design process.
- They are responsible for aspects of specific projects such as project planning, tracking, design, and change management.
- These aspects are shorter in range and more specific than the responsibilities of the steering committee.
What are System Analysts?
They are typically engaged in designing information systems to meet users’ needs rather than overseeing an organization’s information systems.
What are Database Administrators?
- They are responsible for storing and organizing data within a database.
- Their responsibility is focused on managing databases and the data within it as opposed to overseeing entire information systems.
How to categorized Risk Assessment impact to the day-to-day operations?
High Impact: An information resource would be categorized as high impact if the organization cannot operate without it.
Medium Impact: An information resource should be categorized as medium impact if there is a work-around for its loss can be without it 2 days to about a week.
Low Impact: An information resource would be categorized as low impact if the organization could operate without the information resource for an extended period of time.