Enablers

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
3 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Let's talk about the seven enablers
00:04
in this video, we're going to talk about the seven components that support governance and management objectives and how each component contributes to a governance system.
00:15
These components are sets of practices and activities meant to achieve objectives and produce outputs that support the achievement of i t related goals that are set by the enterprise.
00:28
Processes are sets of practices and activities to achieve objectives and produce outputs that support achievement of I T related goals.
00:37
Each governance and management objective includes several process practices.
00:42
Each process has one or more activities.
00:46
Measure the achievement of this practice and it's contribution to overall objectives, meaning you should include example metrics.
00:56
A capability level is assigned toe all process activities.
01:00
Ah, process reaches a capability level as soon as all activities of that level are performed successfully.
01:06
The scale ranges from 0 to 5.
01:08
Don't worry, we'll go over this later in this course
01:15
in the organizational structures component thes air decision making entities of
01:21
those who will execute decisions and strategic options set by the board of directors
01:26
in this component, make sure you list out key decision making entities.
01:30
For example, this may include the board executive committee CEO, chief Risk Officer I t. Governance Board
01:38
the Sea. So Project managers HR Legal counsel, audit team,
01:45
etcetera. I mean, I could keep going on, but you get the picture.
01:49
Different levels of involvement can be divided into responsible and accountable levels.
01:53
Determine who will have accountability and responsibility over practices.
01:59
Review the levels of responsibility and accountability.
02:01
Responsibility will include the roles that have the main operational stake in fulfilling the practice and creating the intended outcome.
02:10
Who is getting the task done?
02:13
Who is driving the task?
02:15
Mark the role that carries responsibility with an R in your documentation.
02:20
Accountability, on the other hand, carries overall accountability.
02:23
Accountability cannot be shared.
02:27
This makes sense because if you dilute who was responsible, it's easy for things to fall through the cracks or to play the blame Game.
02:35
Ultimately, who accounts for the success and achievement of the task
02:38
denote this with an A. In your documentation,
02:43
you could add two more levels for the roles in organization structure.
02:46
Consulted is another label, meaning who provides Thean put.
02:50
And then there's informed rules, meaning who is receiving the information regarding achievements and deliver a bles
02:57
denote this with a C or an eye, respectively.
03:04
Principles, policies and frameworks are another component that translate desired behavior into practical guidance for daily management.
03:12
This component tells you what is expected of you and how you can meet those expectations.
03:16
You should document which policies and procedures are relevant for your governance or management objectives.
03:23
The name of the relevant policies and procedures should be included along with the description of the purpose and content of the policy.
03:30
It also is helpful to site specific chapters in the documented governance program that relate to overall objectives.
03:38
For example, if you have a governance objective of managing risk, include your policies and procedures that relate to risk management, risk assessments and risk mitigation and site a detailed reference or specific reference point that relates to the overall governance of risk.
03:57
Take a quick inventory at the top of your head right now.
04:00
Do you already have documented policies and procedures that pertain to your prioritized objectives,
04:09
Services, infrastructure and applications Component includes the infrastructure, tech and applications that provide an enterprise with a governance system for I T processing
04:18
services, infrastructure and applications. Provide guidance on third party services, types of infrastructure and categories of applications to support achievement of a governance or management objective.
04:31
Keep in mind this guidance should be generic and not to technology specific,
04:35
or you'll find yourself having to constantly update this portion of the governance program.
04:42
Imagine if you were to specific in your infrastructure and when it's time to update your I T governance program to include new changes. You may have to do this at least 40 times as each component supports a governance or management objective, so keep it broad.
04:58
Kobe. It is also not a framework that is to use technology specific.
05:01
It's more broad to be encompassing and including of different types of organizations, regardless of size. And I t infrastructure
05:14
information is a component that is produced and used by an enterprise.
05:17
Kobets specifically focuses on information required for functioning of a governance system as an essential building block.
05:26
Information flows and items are linked with process practices.
05:30
It notes the inputs and outputs with origins and destinations.
05:34
In general, each output is sent to one or more of a limited number of destinations.
05:41
Another culprit process practice.
05:44
A list of outputs include remedial actions performance reports and monitoring targets.
05:49
Ultimately, it goes from management practice to description of output to destination.
05:59
Culture, ethics and behavior determined the success of the governance and management activities.
06:03
This component is really important to keep in mind when creating your I T governance program and strategic objectives and goals.
06:12
It will give you an idea of how successful your governance program will be.
06:15
Culture, ethics and behavior component provides a detailed guidance on desired cultural elements that support achievement, or
06:25
uh, that supports the achievement of a governance or management objective.
06:29
Other standards can be included as well in this document,
06:31
but make sure it's documented so you can always refer to it and teach it to your employees and new employees as well.
06:42
People, skills and competencies are component for good decisions, successful completion of activities and execution of correction corrective actions.
06:51
This is related to the culture, ethics and behavior component, but it has made distinct because of the competencies and skills that people bring to an enterprise.
07:01
This component identifies ah, human resource is and skills to achieve governance or management objectives.
07:08
It is ultimately a display of people, skills and competencies within your governance program.
07:14
This should be documented within your program so that you have a running list of these competencies that support your business goals and objectives.
07:23
Quick pop quiz. What component would documented procedures fall under?
07:29
If you answered principles, policies and frameworks, you are correct.
07:34
So in this video we talked about the importance of each of the seven components,
07:39
how each component delivers value to a governance system and the definition of each of the seven enablers.
Up Next