Principles for a Governance Framework
3 hours 43 minutes
Now let's talk about the three principles needed for a governance framework.
So in this video, we're going to talk about the three principles needed for a governance framework.
We went over the Six Principles for Governance System. Now let's focus on the three key principles for governance framework.
COBIT recognizes that for a governance framework, it should be based on a conceptual model.
This model should identify the key components and relationships between components.
With this conceptual model, you'll have a high-level and holistic view of your IT infrastructure and what the components are and how they interact with each other.
This ensures that you're not leaving out important processes, information or relationships when designing and implementing your governance plan.
If you don't have a conceptual model, you may not have all the vital information needed.
Models help you to design a useful and relevant governance system that includes avenues that add business value.
It's important to note that to maximize business value, you should implement automation and maximize consistency where possible.
Using a conceptual model is important because it determines how the governance of IT must be organized and brings attention to governance and management areas that need special attention.
It's kind of like having an IT blueprint and supports the overall enterprise.
COBIT states that a governance framework should be open and flexible.
If you have a flexible way to address issues, it can ultimately lessen risk.
Risks can be the loss of time, resources, financial costs, intangible costs and more.
Let's quickly go over the risk of loss of time and resources.
If you have a rigid way to deal with issues such as hardware failure, wherein you have to obtain approval to replace your laptop from multiple sources and the request can take up to two weeks,
you will lose those two weeks of work from an employee that suffered a hardware failure.
So this is just an example. But it's important to have a flexible way to deal with issues that will inevitably arise when doing business.
A sub-focus of principle two is that enterprises should focus on maintaining integrity and consistency within the organization.
Integrity means that all information is accurate and consistent and refers to processes, information and more being standardized to lessen the room for error.
If you have certain data that is all used by one department in different formats and located in different places, like some in email, some in chat and some in folders, etcetera,
there is a higher risk and a higher possibility of something going wrong.
This is important to keep in mind when designing your IT governance system so you can aim for information and processes that are consistent and retain their integrity.
Take a moment to think about a time in your company
when implementing a program that was not open and flexible.
What kind of difficulties did that create for your business and the program itself?
So the last principle for a governance framework is that it should align to major related standards, frameworks and regulations.
Ensuring compliance should be a top priority for all organizations.
Thus, aligning your governance system to laws and regulations is absolutely essential.
While it's not mandated to align to major related standards and frameworks, it's important to do so.
Widely accepted best practices and guidelines will help to ensure that you're doing business in a manner that is proven to be effective, efficient and safe.
Thus aim for implementing a governance framework that aligns with best practices, standards, frameworks and, most importantly, laws and regulations.
A CPA firm, You and Hide and Barber, was using COBIT to build processes to allow its IT department to serve the enterprise's needs.
It's a mid-sized accounting firm with 150 employees and six locations.
Given the size and geographic dispersal, there was a level of IT complexity that the enterprise had to manage.
The organization found there was a general disconnect between IT and the needs of professionals and that IT spending did not align with the firm's needs and IT expectations and demands varied among shareholders.
Thus, the business needs
directed the governance efforts and management key areas.
So let's see how the three COBIT principles for a governance framework could assist with this organization.
A conceptual model would be able to reduce the IT complexity to a high level to see the current informational assets, IT systems and interdepartmental relationships and flows.
Since needs vary from organization to organization, as in this example, stakeholder opinions varied. There was a general disconnect between IT and needs of the business, and IT spending was not aligned with business needs.
Thus the framework needs to be open and flexible to meet the demands of the CPA firm.
Since it was considered a quote unquote small company because it had less than 150 full-time employees, it needed to be further adjusted.
Additionally, since this firm was geographically dispersed, there needed to be customizations added.
COBIT is a governance framework that accounts for a level of openness and flexibility for tailored changes.
Lastly, a governance framework should align to major frameworks and standards.
A CPA firm will most likely need to abide by a number of laws and regulations,
given its industry and the type of information that it works with.
Thus using COBIT, which is a governance framework that aligns to other major frameworks, standards, laws and regulations and best practices, you have some peace of mind,
and you also have a level of safety knowing that you're following other widely adopted and accepted practices.
So in this video we talked about the three principles needed for a governance framework and how these three principles contributed to an IT governance program, as we saw through an example of the CPA firm.