10. ALBERTA ITM Control Framework: Overall Strategic Direction & Vision; Strategic & Tactical Policies; Supporting Controls (Processes, Standards, Guidelines)
11. Forrester Research IT Compliance Life Cycle: Phase I; Phase II; Phase III - Ongoing Management
12. Drivers Enterprise governance IT governance Best practices Controls and Legislation Performance Business goals Conformance Basel II, Sarbanes-Oxley Act etc. COSO COBIT ITIL Security Quality Management IT Service Management ISO/IEC 2700x ISO/IEC 9001:2000 Balanced scorecard CoBIT, Legislation & Other Frameworks
13. CoBIT Maturity Model: Understand where IT and business are for each control
Maturity Level | Status | Establishment
0 – Non-existent | No recognition of need to control | No intent to assess the need for control
1 – Initial / ad hoc | Some ad hoc recognition of need to control | No awareness of need to assess what controls are needed
2 – Repeatable but intuitive | Controls in place but not documented | Assessment of control need occurs only when necessary
3 – Defined | Controls are in place and adequately documented | Critical controls and processes are identified based on value and risk drivers
4 – Managed and Measurable | Effective control and risk management environment | Control criticality regularly defined with full support of business owners
5 – Optimized | Enterprise wide risk and control programme provides continuous and effective control and risk resolution | Business changes consider the criticality of controls and cover any need to reassess control capability
18. WEB 2.0 What do we need to know about and consider while we are developing policies, frameworks, standards and controls?
19. Web 2.0 at Advanced Education and Technology Internal P.S.I. Institutes Other Stakeholders Internal P.S.I. Institutes Other Stakeholders Identity Management A & A Real-Time Communications Dashboard Identity Management A & A Real-Time Communications Dashboard Business Apps (SFS, ATOMS, PAPRS, SHR) Information Strategy (Information & Knowledge) Web Strategy (Content, Information, Applications) Desktop Apps (Calendar, Word, PowerPoint) Unified Msg Web Conference Video Conference Instant Msg Collaboration Tools Presence (People, Place, Time) Presence (People, Place, Time) Collaboration Integration IP Enabling Contact Centers Public | Wireless Network | LAN/GOA Domain Presence (People, Place, Time) Supernet Room to Room Video over IP Centrix | PSTN VPNs Collaboration Integration
20. WEB 2.0 Impact
Area | Mid 1990-2000s | WEB 2.0 Value Proposition
Knowledge/Info | Centralization | Decentralization
Training | Waterfall/RUP meant training was at the end | Training is at the beginning through Self Training and each other
Cultural Change | Business performed and information in silos | Collaboration, openness, joint problem solving
Business Work Style | Feature and information overload | Simple, easy to use, business has become technology savvy through self training
21. WEB 2.0 Impact Mid 1990-2000s WEB 2.0 Value Proposition Home / Work Tools Work, more tools Home/Work tools the same Labour Shortages Attract Gen X, Y and Millennials Governments cutting Everyone recruiting Generation X Expectations Grassroots Managers understand how technology can help productivity IT Organization's Gate Keepers Privacy/security force IT to protect castles Business will go around any blocking we put in because they CAN and they WANT IT
22. Centralized Control Versus Decentralized Information Sharing (Balancing Opportunities/Risks) Mid 1990-2000s WEB 2.0 Value Proposition Privacy/Security IT and SMEs guardians End user behaviors guided by principles Managing Information and Records IT and SMEs guardians and overwhelmed by increased volume End users accountable for information supported by tools provided by IT and SME Information Silos Caused by not working together and sharing Caused by collaborating and working together but outside of centralized, controlled tools Policy, Authorized, Authoritative Sources Policy and authority decentralized - IT just starting to centralize IT now Policies and accountability principle based on understanding and trust
23. Centralized Control Versus Decentralized Information Sharing (Balancing Opportunities/Risks)
Area | Mid 1990-2000s | WEB 2.0 Value Proposition
Technology Delivery and Expectations | IT plans aligned after business plans | IT specific visions, plans and strategies plus business alignment
Service Responsiveness | IT and SMEs required to implement policies and controls | Policies and controls need to demonstrate value
Enterprise Tool Investments | Created to share investment and reduce information silos | Still required but only for information sources where information needs to be protected
24. ALBERTA’S PLANS, VISIONS AND STRATEGIES WHAT WE LEARNED ABOUT HOW WE NEED TO PLAN BECAUSE OF CONTROLS, EXPECTATIONS, AND WEB 2.0
25. Vision: All Plans – Relationships Web 2.0 Advanced Education & Technology Business Plan & Policy Cross- Government Initiatives GoA Information & Services Strategy GoA Enterprise Architecture GoA Business Plan STAKEHOLDER INPUT Post Secondary Institution Learners/Parents/ Public/other Stakeholders Research Institutes 3 Year ITM Plan Maintenance Operations Initiatives Standards ITM Policy Framework Operational Controls PSI Plans & Architecture 7 Year ITM Vision 5 Year ITM Strategies 1 Year Operational Plan
26. Advanced Education and Technology in 2014 Test & Demo Pilots 2014 “Right Info” and “Right Services” at the “Right Time” at the “Right Place” to Answer the “Right Question” for the “Right Person” Testing & Training Identity Management Strategy Information Management Strategy Web Strategy GOA Information & Services Strategy Unified Communications Strategy