Managing Performance of Other Governance System Components

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
3 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
it's important to manage performance of other governance system components
00:06
in this video. We're going to talk about how to manage performance for qualitative components, and we're going to talk about performance management for organizational structures, information and culture and behavior
00:19
to manage performance of the component of organizational structures. There will be less formal means of measuring performance. As there's no formal method,
00:28
the criteria itself will be less formal and there are suggestions to measure the performance management of organizational structures.
00:35
The successful execution of a process for which the structure or role is accountable for is a way to measure its performance.
00:43
Another way to measure performance of organizational structures and roles is to determine the successful application of a number of good practices.
00:52
Some good practices include the span of control, meaning the organizational structure is clear, documented and well understood.
01:00
The delegation of authority, meaning it's implemented in a meaningful way, practical and useful way
01:07
and the successful application of management practices where objectives are defined,
01:11
performances planned and monitored,
01:14
re sources and information necessary are identified and available. Allocated and used
01:21
interfaces between organizational structures and stakeholders are also managed for effective communication and clear responsibility and there are regular evaluations.
01:30
Escalation procedures should be defined in an applicable and meaningful and useful way.
01:37
Other good practices include a clear, documented and well understood operating principles or a formally established organizational structure.
01:46
Levels of authority should also be defined and documented and respected and complied with
01:51
these air always to measure performance of organizational structures
02:00
to manage performance of information and enterprise can compare its information to quality criteria.
02:06
Kobe has an information reference model for quality criteria of information.
02:10
An example of quality criteria. Would be information being accurate or correct and reliable, objective or unbiased, unprejudiced and impartial.
02:22
It should also be believable or meaning it should be true in credible and believable.
02:29
Additionally, contextual criteria would be relevancy, meaning it's applicable and helpful
02:34
that making sure it's complete, meaning it has sufficient depth and breath for the task at hand. Its current concise, consistent and has appropriate languages.
02:45
It should also be understandable, and it should be able to be manipulated
02:50
to the extent it's needed for its task.
02:53
The security, privacy and accessibility of information is also defined is a way to measure information, meaning is it available or easily and quickly retrievable when required. Or does it have restricted access for confidentiality?
03:07
Are there any additional criteria you can think of that are specific to your organization that allows you to measure the quality of information?
03:20
Managing performance of culture and behavior can be done by defining a set of desirable behaviors for good governance and management of I t.
03:28
Ensure that these behaviors air detailed
03:30
once you have achieved this assigned levels of capability for each defined behavior.
03:35
For example, AH management objective could be managed security.
03:38
A desired behavior could be attending training and awareness programs offered by the organization.
03:45
A capability level of this desired behavior. Maybe out of four, meaning there's an organized way of accounting for who attended which training for how long and a score of a quiz that was taken at the end of training.
03:57
This quantitatively defines how many times a person went to training and a quantitative score on an exam.
04:06
So in this video we talked about how to manage performance for certain qualitative components, meaning we talked about organizational structures, information and culture and behavior
Up Next
COBIT Foundations

In this course, we discover a success story of how COBIT was enacted to support the specific organization’s IT infrastructure. We will explore how COBIT can support organizational goals and objectives.

Instructed By