Let's talk about the seven enablers
In this video, we're going to talk about the seven components that support governance and management objectives and how each component contributes to a governance system.
These components are sets of practices and activities meant to achieve objectives and produce outputs that support the achievement of IT-related goals that are set by the enterprise.
Processes are sets of practices and activities to achieve objectives and produce outputs that support achievement of IT-related goals.
Each governance and management objective includes several process practices.
Each process has one or more activities.
Measure the achievement of this practice and its contribution to overall objectives, meaning you should include example metrics.
A capability level is assigned to all process activities.
A process reaches a capability level as soon as all activities of that level are performed successfully.
The scale ranges from 0 to 5.
Don't worry, we'll go over this later in this course.
In the organizational structures component, these are decision-making entities of those who will execute decisions and strategic options set by the board of directors.
In this component, make sure you list out key decision-making entities.
For example, this may include the board, executive committee, CEO, chief risk officer, IT governance board, the CISO, project managers, HR, legal counsel, audit team, et cetera. I mean, I could keep going on, but you get the picture.
Different levels of involvement can be divided into responsible and accountable levels.
Determine who will have accountability and responsibility over practices.
Review the levels of responsibility and accountability.
Responsibility will include the roles that have the main operational stake in fulfilling the practice and creating the intended outcome.
Who is getting the task done?
Who is driving the task?
Mark the role that carries responsibility with an R in your documentation.
Accountability, on the other hand, carries overall accountability.
Accountability cannot be shared.
This makes sense because if you dilute who was responsible, it's easy for things to fall through the cracks or to play the blame game.
Ultimately, who accounts for the success and achievement of the task?
Denote this with an A in your documentation.
you could add two more levels for the roles in organization structure.
Consulted is another label, meaning who provides the input.
And then there's informed roles, meaning who is receiving the information regarding achievements and deliverables.
Denote this with a C or an I, respectively.
Principles, policies and frameworks are another component that translates desired behavior into practical guidance for daily management.
This component tells you what is expected of you and how you can meet those expectations.
You should document which policies and procedures are relevant for your governance or management objectives.
The name of the relevant policies and procedures should be included along with the description of the purpose and content of the policy.
It also is helpful to cite specific chapters in the documented governance program that relate to overall objectives.
For example, if you have a governance objective of managing risk, include your policies and procedures that relate to risk management, risk assessments and risk mitigation, and cite a detailed reference or specific reference point that relates to the overall governance of risk.
Take a quick inventory at the top of your head right now.
Do you already have documented policies and procedures that pertain to your prioritized objectives?
The services, infrastructure and applications component includes the infrastructure, tech and applications that provide an enterprise with a governance system for IT processing.
Services, infrastructure and applications provide guidance on third-party services, types of infrastructure and categories of applications to support achievement of a governance or management objective.
Keep in mind this guidance should be generic and not too technology-specific, or you'll find yourself having to constantly update this portion of the governance program.
Imagine if you were too specific in your infrastructure, and when it's time to update your IT governance program to include new changes, you may have to do this at least 40 times, as each component supports a governance or management objective, so keep it broad.
COBIT is also not a framework that is too technology-specific.
It's more broad, to be encompassing and inclusive of different types of organizations, regardless of size and IT infrastructure.
Information is a component that is produced and used by an enterprise.
COBIT specifically focuses on information required for functioning of a governance system as an essential building block.
Information flows and items are linked with process practices.
It notes the inputs and outputs with origins and destinations.
In general, each output is sent to one or more of a limited number of destinations.
Another COBIT process practice.
A list of outputs includes remedial actions, performance reports and monitoring targets.
Ultimately, it goes from management practice to description of output to destination.
Culture, ethics and behavior determine the success of the governance and management activities.
This component is really important to keep in mind when creating your I T governance program and strategic objectives and goals.
It will give you an idea of how successful your governance program will be.
The culture, ethics and behavior component provides detailed guidance on desired cultural elements that support the achievement of a governance or management objective.
Other standards can be included as well in this document,
but make sure it's documented so you can always refer to it and teach it to your employees and new employees as well.
People, skills and competencies are a component for good decisions, successful completion of activities and execution of corrective actions.
This is related to the culture, ethics and behavior component, but it is made distinct because of the competencies and skills that people bring to an enterprise.
This component identifies human resources and skills to achieve governance or management objectives.
It is ultimately a display of people, skills and competencies within your governance program.
This should be documented within your program so that you have a running list of these competencies that support your business goals and objectives.
Quick pop quiz. What component would documented procedures fall under?
If you answered principles, policies and frameworks, you are correct.
So in this video we talked about the importance of each of the seven components,
how each component delivers value to a governance system and the definition of each of the seven enablers.