Why you Need IT Governance

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
3 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Let's talk about why you need I t. Governance.
00:03
So in this video, we're going to talk about why you need a nightie governance program, the benefits of such a program and the downside of not having it.
00:14
So we kind of discussed this earlier. But let's solidify why I T. Governance is useful
00:20
When you form a business, you've likely created business objectives and an overall business mission.
00:26
Let's pretend you're an e commerce company. One of your missions and business objectives would probably be to deliver your product to customers in a timely manner.
00:36
Now let's take a situation where you don't have. I t governance,
00:39
the systems and processes that air holding your data that is essential for your business, like billing information, your website etcetera.
00:48
If there aren't I t processes in place that are not meant not only to store the confidentiality of billing information,
00:55
but the availability and integrity of your website data, etcetera. An attack or accident could wipe your data or even worse, cause a data breach
01:04
it. Governance is not meant to constrict you, your data and your business.
01:08
Instead, it puts processes in place to ensure its effectiveness and efficiency in supporting your goals.
01:15
Does your website need to be available 24 7.
01:19
Then you should have or follow an I T governance framework that can support that mission
01:23
I take Governance also helps you to ensure you are compliant with laws and regulations that are commonplace in your industry.
01:30
If you are a health care company or take credit card information, you probably have to be compliant with HIPAA or P S I D. S s
01:40
I t governance can also help communicate i t value to stakeholders.
01:44
Oftentimes the security and sometimes I t department don't always bring in money for an organization.
01:49
That's especially true for the Security Department.
01:53
We're usually spending it.
01:56
This can cut funding for severely needed programs.
01:59
And if something goes wrong, probably the security an IT department may be the ones to blame.
02:05
So we need a way to communicate the effectiveness of the aforementioned departments.
02:09
I t governance can do that.
02:13
Remember how we mentioned that data governance falls under the umbrella of I T. Governance?
02:17
Well, big data is a huge part of data governance.
02:22
Big data is a huge business asset,
02:23
and it can be transformed to help you make pertinent business decisions,
02:28
it can give you a competitive advantage, depending on your ability to manipulate data. To gain insights.
02:34
Well, that data needs to be managed.
02:37
Data governance provides businesses a way in which to manage big data, delete duplicate data, cleanse data
02:44
and ultimately focus on information quality.
02:47
While this is usually a hard sell to upper management about why we need to spend time and Resource is implementing such a program,
02:55
try to frame the argument in terms of cost
02:59
risk assessments. Risk analysis and quantitative facts can help demonstrate i t governance value.
03:06
Additionally, demonstrate the ability of I t and data governance to save on costs.
03:10
Showing how data is an asset that could bring a competitive competitive advantage to a business can really lead the push forwards towards ensuring data safety.
03:23
One of the main focuses of I T governance is on information quality.
03:29
I t governance is focused on the I T assets surrounding your data, and ultimately, the main importance and function of it is to protect your data.
03:37
The quality of your information can be whether or not you obtain that competitive advantage
03:42
because of how you leveraged your data and information.
03:46
If you have duplicate data or data that has been accidentally deleted or corrupted, you can't use it to gain important business insights.
03:53
It can also help to protect your data and the quality of it.
03:59
Another goal of I T governance is to manage the information that is generated and stored by information systems.
04:05
One subset of that goal is toe lower risk surrounding that data.
04:11
That is especially true of confidential and sensitive data.
04:14
When you preserve your information quality and the security controls surrounding your information, your ultimately lowering your risk
04:21
risks can be corruption of data, deletion or unauthorized disclosures.
04:28
In the aforementioned cases, it can cause harm to you or your organization.
04:32
Improved
04:33
information quality can allow for security measures to be more easily implemented and preserve information that adds value to you and your business.
04:43
So it's simple.
04:45
I t governance ads, Business value.
04:47
Although it's not bringing in money like maybe your sales unit, it's still adding business value. It's protecting your information and really it's protecting you
04:57
when you're required to be compliant with laws and regulations like HIPAA or PC. Idea says
05:02
breaches and information can cause severe penalties and even jail time
05:08
I t governance are the processes and protections that surround your confidential data and support your means of remaining compliant with laws.
05:16
Take a moment to think. What do you think your biggest benefit of implementing in 19 governance program would be for you?
05:25
I'd imagine for a lot of people, it would be compliance. But for some companies, it could be on the quality of information or getting business value from your I t. Resource is.
05:38
Let's do the flip side. Now let's imagine you have no I t. Governance program and you enter into a lawsuit from a former employee.
05:46
Let's see
05:47
the former employees claiming that there are emails that implicate the company
05:53
if you have no viable I. T. Governance program that manages the I T. Resource is that house emails and stores information, and you have to sift through thousands or even millions of emails. Imagine how much time that would waste.
06:06
Also, imagine how you're probably going to miss things that support your case.
06:11
Do you see how potentially problematic that is?
06:15
So
06:15
e discovery is a procedure in which each party of a lawsuit will obtain evidence
06:20
this could be done through subpoenas.
06:23
This generally means that your company will have to give any relevant data to the other party involved in the case.
06:30
If you have corrupted, unusable or duplicate data, it will make your life so much harder and not to mention the cost in time. And resource is
06:40
if you don't have data
06:42
that is relevant to support your case because the data is corrupted, unusable and extraneous, it can cost you the case as well.
06:49
Legal hold notifications include a formal system where you have to put a a certain certain documents on illegal hold so you can't destroy them, and then they must be preserved.
07:01
They cannot be edited or altered or modified.
07:04
Sometimes you want to keep that discreet from other employees as well. And if you don't have a formal system for data, that's a problem.
07:13
Additionally, if you have duplicate data and you put a legal hold on that data but not the duplicate data, it could be potentially very, very problematic.
07:26
So in this video, we talked about why and I t governance program is useful
07:30
and the problems that can come from having no i t. Governance program
Up Next
COBIT Foundations

In this COBIT training, we discover a success story of how COBIT was enacted to support the specific organization’s IT infrastructure. We will explore how COBIT can support organizational goals and objectives.

Instructed By