Posted: 18 Jan 2018 06:00 AM PST
Lately, we’ve been so focused on data governance, extracting the most value from our data and preventing the next big breach, that many of us have overlooked IT governance fundamentals, which help us achieve great data governance.
The source of some of the confusion is that data and IT governance have very similar and interdependent goals. Broadly speaking, both processes aim to optimize the organization’s assets to generate greater business value for the organization.
Since IT and data governance are so inextricably connected and vital to an organization’s operations, let’s compare and contrast the two.
What is IT Governance?
IT governance ensures that the organization’s IT investments support the business objectives, manage the risks, and meet compliance regulations.
Examples of an organization’s IT investments: physical and technical security, encryption, servers, software, computer and network devices, database schemas, and backups.
It’s often argued that these investments are considered a cost center rather than a money generator. Here’s some tough talk: organizations wouldn’t be able to operate, optimize or even generate revenue without IT.
In short: no IT, no data, and no business.
But good IT operations require dedicated leadership to ensure that tech investments are maximized.
Stakeholders involved in the success of IT governance include the board of directors, executives in finance, operations, marketing, sales, HR, vendors and, of course, the chief information officer (CIO) as well as other IT management.
The key individual who’s responsible for aligning IT governance to the organization’s business goals is the CIO.
To accomplish their goals, CIOs will often use existing data governance frameworks, created by industry experts. These frameworks also provide implementation guides, case studies and assessments. Here are some frameworks you may have heard of:
COBIT 5: A staple in the industry, this framework helps enterprises with IT governance, business optimization, and growth by leveraging proven practices. This framework is based on five key principles for governance and management of enterprise IT:
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single, Integrated
4. Enabling a Holistic Approach
5. Separating Governance From Management
ITIL: The IT Infrastructure Library helps with aligning IT services with the needs of the business. It is best known for its framework of five core publications, each of which collects the best practices for one phase of the IT service lifecycle.
FAIR: This is a new framework and, according to their website, “they’re a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk. They provide information risk, cybersecurity and business executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective.”
When it comes to frameworks, you’ll have to decide which one works with your company culture, and oftentimes organizations will find that a hybrid approach works the best.
And with proper IT governance, the chance for data governance success increases. Why? Execution and management of systems, applications, IT support and their management of data within a company will impact data governance.
So What Then is Data Governance?
Data governance refers to the management of data in order to improve business outcomes and fuel business growth.
So far, with the exception of asset type, data governance is very similar to IT governance.
The stakeholders involved for data governance include all the individuals required for IT governance plus a few more executives: the board, executives in finance, operations, marketing, sales, HR, vendors, CIO, IT management.
However, the individual responsible for aligning data with the organization’s business metrics is the chief data officer (CDO). The CDO will also enlist data scientists, programmers, and any department that generates data, which is every department within an organization.
CDOs are a recent addition to the C-suite, and they help lead companies in generating business value from data. According to Gartner, 90 percent of large organizations will have a chief data officer by 2019.
Yes, a CDO is very much a technical role, but this position also requires business and change management skillsets. After all, they have to aggregate the data, analyze the data and, most challenging of all, get the business to act on the data.
Since data governance is a relatively new field, there aren’t established frameworks, such as COBIT 5.
But based on my research and speaking with pros at conferences, a company’s executive suite should be asking some of the following questions:
1. What is your business strategy?
   - A data strategy isn’t going to generate a single incremental dollar for your business; it’s simply an enabler.
2. Have you defined and communicated key objectives throughout your organization?
   - You’re going to be wasting a lot of time, money and resources solving for a problem if you don’t know what the business problem is.
3. Do you have the right data and is it of sufficient quality?
   - Without data quality, your data projects and analytics will inevitably fall short.
In talking with Jeffery McMillian, CDO of Morgan Stanley, I learned that he spends 90% of his time focused on the first two questions. Based on his experience, if you don’t get these right, everything else is pretty much null.
The post The Difference Between Data Governance and IT Governance appeared first on Varonis Blog.
posted by: Ryan Olson on May 10, 2016 5:00 AM
Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective in generating revenue for cybercriminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – all are potential targets.
posted by: Claud Xiao and Jin Chen on March 6, 2016 11:30 AM
Unit 42, Palo Alto Networks
On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware “KeRanger.” The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.
Posted by Kara Marsh on Jan 27, 2015 12:11:06 PM
We’d love to say “I told you so…”
NCA ANNOUNCES EXPANSION INTO THE SOUTHWEST WITH A NEW OFFICE LOCATED IN DALLAS, TEXAS
Be a Company Your Customers Will Recommend
Do Certain Traits Make People Vulnerable to Phishing?
By Andy Green
What You May Have Missed
The Internet of Things: Advanced Threats Against Medical Devices
Author: Fran Howarth
ShoreTel Mobility Pro Tips: 5 Things to Make Mobility Work Better for You
By: Clinton Fitch, Practice Manager of Advanced Applications - EMEA
Technology nerds take over Hot Stove Society….is Tom Douglas in trouble?
by Kara Marsh
A Botnet Worth Geeking Out Over
by | July 09, 2014
Say Hello to Lifesize Cloud
Cloud VoIP Phone Systems
Three Things to Be Aware of With Low-Cost Data Backup Services
Patch Day, P.F. Changs Hack, and TweetDeck XSS
June 13, 2014 by Corey Nachreiner
A Glance Into the Neutrino Botnet
By Umesh Wanve on Jun 23, 2014
The Expanding Data Universe
GameOver ZeuS Media Coverage and Update
by Chad Kahl
Why The Internet Of Things Is Quickly Moving From Big Idea To Big Deal
The Other Stories Behind the DoJ’s Indictment
Say Hello to Lifesize Cloud - 30 Day Free Trial
NCA Awarded Certificate of Environmental Accomplishment
ShoreTel Service Alert - Open SSL Heartbleed Bug
Network Computing Architects recognized for their outstanding achievement in customer satisfaction
Security Awareness Metrics - Measuring Change in Human Behavior
ShoreTel Service Alert - Open SSL Heartbleed Bug
Subject: OpenSSL Heartbleed Bug
Date: April 10, 2014
The Heartbleed Bug
My Top Recommendations for Increasing Security
Social and Privacy Aspects of Enterprise Search
Top 5 Things To See At Interop Las Vegas
by Betty Reynolds
Addressing Data Security and Management in the Public Sector
Webinar: Thurs, March 27 - 11:00 am PST
5 Ways UTM Security Can Help Schools
Posted by WatchGuard Team ⋅
By Michael Buckbee
More Articles ...
- More Phishing and Metadata Connections
- Don’t be Disappointed by Big Data
- RSA Conference 2014: Art Coviello, William Shatner and the Need For Increased Cybersecurity Cooperation
- Recapping RSA Conference Keynotes Day 2: Nuclear Fusion and the FBI
- Anatomy of a Phish: New Varonis eBook Connects Social Attacks and APTs to Human-Generated Data
- 6 Things SMB Owners Should Consider When Choosing a Cloud Provider
- Protect Where You Connect: Bringing Enterprise-Level UTM to SOHO Users
- Crash & Burn: Snapchat Security Flaws Strike Again
- The Difference between CIFS and SMB
- Outdoor 802.11ac Wi-Fi that goes fast…and looks good while doing it.
- Security Analytics - An Enterprise Solution Priced for Small to Mid-Sized Corporations
- What Netflix Can Teach Other Businesses About The Cloud And Big Data
- The Down and Dirty of WebRTC
- Exploiting Network Time Protocol for DDoS Attacks
- Identity Theft Spikes as Tax Season Approaches
- Cross-Platform Bots, Deceitful Ransomware, and Oracle Exploits
- Is the Day after the Super Bowl a Holiday?
- How Aligned Are Business and IT Priorities?
- Midsize Businesses’ Best IT Weapon? Managed Services
- Where Cyberthreats Occur in Your IT Ecosystem
- Tips From The Pros: Organizing Access For 15TB of File Data
- 2014 Threats Predictions: The Internet of Things Offers Handy Gadget Control, Yet Could Unlock More Than We Expect
- Looking Into Technology’s Future: Four Predictions for 2014
- [Interactive Visual] The New Normal: Malware
- RSA Response to Media Claims Regarding NSA Relationship
- Happy New Year and Watch Your PII!
- NCA's Tom Gobeille on Security, Industry Trends and Marketing Needs
- Happy New Masint!
- Were Law Firms the First to Discover the Power (and Pitfalls) of Metadata?
- Political Satirist Stephen Colbert as Closing Keynote at RSA Conference - 2014
- NCA recognized for outstanding achievement in customer satisfaction
- ‘Pony’ Botnet Gallops Off With 2 Million Passwords
- From SIEM to Security Analytics: The Path Forward
- HIPAA’s Revamped Auditing Program: Will You Be Ready in 2014?
- Creating a Business Continuity Plan
- NCA Employees Lend a Hoping Hand
- The Security Impact of Shadow IT: December #SecChat
- Internet-wide Man in the Middle Attack
- Lessons from the Government’s Cyber Crime Cases: Don’t Let Hackers ‘Own the Site’
- Introducing Ethernet, 40 Years Later
- Santa visits Children’s Hospitals using Cisco Video Technology
- As Black Friday Nears, Retailers Look to Tech to Help Boost Sales
- Public Safety Blog Series-Government Agencies and the Future of Mobility
- Is There Something Phishy In Your Inbox?
- Mobile WAN Optimization is Overrated
- Enterprise Dark Data Is a Hidden Asset
- Backups are the Best Defense Against CryptoLocker
- Outsourcing Rising: More Businesses Delegating IT
- Microsoft Office Leaves Users Open to Cyber Exploitation
- Vulnerability Risk Management – It is a Big Deal
- Protect Your Data – or Pay the Price
- What is UC? An Intro to Unified Communications
- Reduce data center failure with concurrent maintainability (video)
- WAN Service Redundancy – Which Option is Best?
- Video: 6 Steps to HIPAA Compliance
- Everything You Wanted to Know About Cryptolocker…
- Network Computing Architects Inc. (NCA) Rated “World Class” in Customer Satisfaction by Independent Source
- Make Sure Your NDA Is Worth The Paper It’s Printed On
- How to Sail Around Pitfalls During a Telephone System Replacement
- Can quirks in mobile phone motion sensors identify consumers?
- Your Most Baffling Video Conferencing Questions…Answered!
- Healthcare Providers Take a Shot in the Cloud
- 10th Annual National Cyber Security Awareness Month
- When It Comes to IT Challenges, You’re Not Alone
- Vertexnet Botnet Hides Behind AutoIt
- Breach Notification Gets Tweaked
- 6 of 9 HIPAA Network Considerations
- What the Personalization of Work Means, or the BYOx Factor
- Data Security Breaches: Case in Point
- It’s Even Easier Now For Regular Folks To Conduct Cybercrime
- Incident Response: Can you Prepare for the Unexpected?
- Banks Cash in with Big Data
- FIVE Network Security Management Requirements for Controlling BYOD and Shadow IT
- Crumbling to the Cookiebomb
- What’s Under Your Rocks?
- 8 Ways to Prepare Your Network for UC
- Big Data Best Privacy Practices, FTC-style
- 4 things cloud services will do for your business, starting today
- Is RFID Less Physically Secure Than a Key?
- Government’s New Mobile Code of Conduct: PIIs Get Noticed
- Back to Your “Tech-Centric” School
- The End of The World is (NOT) Nigh!
- HIPAA’s Teeth: What happens when you’re non-compliant?
- Blue Big Data vs. Red Big Data
- Criminal Minds: Thinking Like a Hacker Makes Good Data Governance Sense
- BYOD: From Fad to Business Necessity
- From Disaster to Happily Ever After? A Roundup of Recovery Trends
- Phishing Attacks Affect 37.3 Million Users This Year
- What is HIPAA and why should I care?
- Top Lessons Learned From Yesterday’s Tech
- Incident Response Plan - How Great it is!
- Securing Industry Mobile Initiatives Beyond BYOD
- Does PRISM Really Change our View on Privacy?
- Big Data and Sports: A Winning Strategy
- Mobility and the Enterprise: How is Business Technology Adapting?
- An Interactive Look at Connected Devices in 2020
- Measuring the Success of Your IT Security Program
- Building Blocks for a Proactive Cybersecurity Strategy
- Will Big Data Give Each of Us a Pop-Tarts Moment?
- Road Warriors Ready to Embrace Tablets