IdM Governance in Higher Education

Presentation transcript:

IdM Governance in Higher Education
Dave Muehling, Director, Consulting
dmuehling@burtongroup.com
http://www.burtongroup.com
1 April 2010

Governance is Overwhelming!
- Higher Education may not be able to use common business patterns
- Funding models can become a roadblock
- Governance models differ, even within the Higher Education space itself
- The culture of Higher Education is unique
- It is often difficult to assign ownership
- Membership in governing bodies is often fluid and diverse

Why Talk About Governance Now?
- The Generation Y and “Z” effect
- Technology's role in research and education
- Regulation and compliance: FERPA, HIPAA, PCI
- Technology overload: stacking the deck
- Social networking
- Mobility
- The “my.Device” dilemma
- Federation

What Is IdM Governance?
- What is Governance?
- Governance sets policy, establishes authority and responsibility, and implements accountability
- Comprises structures, rules, power and influence, funding mechanisms, enforcement mechanisms, and appeals processes
- University executives and steering committees define policies
- Localized working groups implement policy via processes
- IT automates some of these processes through technology

Effective Governance
A strong governance team helps institutions:
- Foster communication
- Achieve high data quality
- Promote application inter-operability
- Avoid undue risk
- Bring together different constituent groups
- Enforce regulatory compliance
- Support autonomy among the schools
- Provide better service

Effective Governance
Goals of governance:
- Build value
- Create transparency
  - Allows management to understand whether the risks the institution is taking are prudent and to know how effectively its value-creation and loss-limitation activities are functioning so that these activities can be adjusted if they are not doing the job
- To achieve executives’ governance goals of building value and creating transparency, institutions must continuously perform two governance tasks:
  - Turn policies into processes
  - Measure success: create evidence of its actions

Effective Governance
A strong governance team requires:
- Sponsorship
  - Maintain focus
  - Manage relationships
  - Overcome roadblocks
  - Provide stewardship throughout the life of the IdM initiative
- Ownership
  - An individual or group should be accountable for the decisions made and the actions taken
  - Has enforcement capabilities to go along with the accountability
- Core Team
  - Responsible for day-to-day direction
  - Right mix is critical to making effective decisions

Effective Governance
What happens if an institution does not have effective IdM governance?
- Redundant identity data propagated across application silos
- Diminished oversight as to how identity data is being used as propagation “propagates”
- Duplicative application development to handle authentication or authorization
- Potential misuse of sensitive identity data due to insufficient controls
- Little end-to-end auditability
  - Of identities and access privileges across all resources
  - Of the applications and systems using an institution’s identity data and how that data is used

Governance
IdM Framework model includes governance

Types of IdM Governance Models
- Formal Hybrid Model: Shared central ownership with steering committees and working groups throughout the institution
- Centralized Model: All governance stems from strong central ownership with centralized committees and groups
- Explicitly De-Centralized Model: All governance stems from individual committees and working groups that act in an independent fashion
- No Clear Governance Model

Levels of Governance Maturity
- Level 5 – Optimizing: Continuous process improvement is enabled by quantitative feedback from the process and from testing innovative ideas and technologies
- Level 4 – Managed: Both the process and end-products are quantitatively understood and controlled using detailed measures
- Level 3 – Defined: The process for both management and engineering activities is documented, standardized, and integrated into an organization-wide process and used by all projects
- Level 2 – Repeatable: The necessary process discipline is in place to repeat earlier successes on projects with similar applications
- Level 1 – Initial: Few processes are defined, and success depends on individual effort, talent and heroic effort

IdM Governance Framework Business Initiatives & Processes Technology Strategy & Usage Growth Management Federation Legislation Guiding Principles Policy Management Model System Architecture and technical Standards Enforcement Processes Recovery Monitoring Administrative and End User Guidelines and Procedures Business Drivers Governance Documents policy, principles, control environment Management Model – content management, security management, operational impact Operations Documenting administrative and end-user guidelines and procedures Administering access controls, monitoring, and recovery processes Business Requirements Architecture Design the infrastructure Develop technical standards and processes Factors determining the Business drivers User Profile extensions

Governance
Governance Process – it is iterative!

Governance
- The IdM strategy should be published and reviewed on an annual basis (“evidence of its actions”)
- The review process should evaluate the strategy with respect to four key areas:
  - Enhancement to existing services
  - New services
  - Operational efficiency
  - Cost reduction

Governance
High-level governance process example for an institution to consider (“operationalization”)
Any department, application owner or business project team requiring new services or extensions to existing services provided by the IdM infrastructure must provide the following:
- Business purpose
- Description of the processes
- Written assurance that the data being used will be protected to the full extent of the institution’s data usage policy

Where To Begin?
Understand that individual initiatives will have priorities and objectives that don’t align directly to others
A governance body should, therefore:
- Rationalize common requirements and capabilities
- Arbitrate the needs of different initiatives
- Acknowledge and accommodate the current state
- Establish the point of convergence
- Foster and manage the migration

Governance
The governance team and working groups develop:
- Business processes that impact the IdM infrastructure
- Service-level agreements
- Operations and maintenance issues
- Enterprise (University) standards
- Application integration guidelines
- Privacy guidelines
- Data-usage guidelines
- Schema extensions
- University role definitions and usage
- Authentication and authorization rules
- Address operational issues
- Budget and funding

Governance
A “typical” IdM Governance Team would be comprised of decision-making representatives from the following departments:
- Executive stakeholder(s)
  - Delegate but maintain responsibility
- IT Security and/or Privacy
- IT Architecture
- Operations and Support (e.g., Infrastructure)
- Administrative Systems
- HR Information Systems
- Registrar
- Application Development
- Internal Audit

Where / How To Start
- Evaluate existing policies and processes during initial analysis and release
- Start making governance decisions now to be ready for future requirements
- Iterative process – Create, Validate, Finalize
- Executives, legal, IT, privacy, & security validate any decisions
- If needed, form sub-teams to work offline and present recommendations

How To Measure Success
- Leverage management frameworks (CobiT, ITIL, etc.)
- Key Goal Indicators
  - Business-driven measurements of what needs to be accomplished
  - Lag indicators that can only be measured after the fact
  - Examples: CISO / CPO agreement and signoff, having operations on budget and on schedule, availability of systems and services
- Key Performance Indicators
  - Short, focused measurements of how well a given process is performing
  - Examples: reduce # of support incidents, satisfaction of stakeholders
- By clearly defining key goal and performance indicators, institutions can establish benchmarks to determine effectiveness of governance model

Summary
- Governance should start at the top
- Governance tasks should be delegated, but authority is still held at the executive level
- In order for governance to work you need to:
  - Have a minimum level of control at the top level
  - Determine the scope of compliance
  - Determine the execution of compliance
  - Create the processes, audit points and architectures that will support the decisions being made
- One size does not fit all – define and adopt a governance model that best fits with the institution’s principles and culture

Q&A