Part 2 CICA Top 10 Survey

Technology Trends – CICA Top 10 Survey
• Information Management and Data Integrity
• Legislation, Regulation and Compliance
• New and Emerging Technologies
• Information Skills and Resources – In the Information Age
• IT Governance
• Outsourcing
• Public Trust
• Management and Operation of Technology Infrastructure
• Business Continuity and Pandemic Awareness
• Impact of the Economy on Information Technology

© Robert G Parker – UW-CISA 2010

1 - Information Management and Data Integrity

The categorization and management of information as a resource with business value to the organization
• Maintaining Data Integrity
  • Complete, accurate, authorized, relevant, timely, consistent
• Encryption – A Pressing Need
  • Protecting against unauthorized access, theft or use of data
• Information Overload
  • Amount of information – information overload, unfiltered information
  • Sources of information – email, Blackberry, cell phone, iPad, Playbook
• Better Understanding of the Value of Information
  • Presentation, visualization, data analytics, greater insight

Don’t need more information; we need better, more relevant information

Information Management and Data Integrity
Analysis
• Data Loss Prevention
  • Policies, procedures, techniques
  • Protect against unauthorized access to, and release of, information
• Data Retrieval
  • Data categorization, availability and retrievability
  • Issues: redundancy, consistency, synchronization, maintenance

Determining The Value of Information
• Who determines value
• How much should be spent for data security
• What are management’s priorities

Information Management and Data Integrity
Analysis
Determining The Value of Information
Data Protection Priorities

Information Management and Data Integrity
Related Studies

Information Analytics
• “increasing the use of information and analytics is one of the top three business priorities”

Visualization
• “visualization (which was defined within the study as "refers to the innovative use of images and interactive technology to explore large, high-density datasets") was increasingly being used to identify insights into both structured and unstructured data for such areas as operational efficiencies, profitability, and strategic planning”

Challenges
• “handling the sheer volume of the data”
• “handling regulatory pressures to provide improved insights into risk management”

Source: Gartner Group; cited in Deloitte Tech Trends 2011

Information Management and Data Integrity
Business Reaction
• Rethink the “more is better strategy”
• Increase filtering of data to provide appropriate and relevant information
• Improve security over data and information
• Recognize the value of information to the organization

Data Integrity Risk Management
• Assess risks to data and information, including risks of incomplete, incorrect, unauthorized (internal Wikis, personal productivity tools)
• Implement a comprehensive and robust data protection program (security, DLP, integrity)
• Implement sustainability and compliance programs, including monitoring

2 - Legislation, Regulation and Compliance

Establishing, maintaining and managing legislative compliance, such as privacy requirements.
• Large Number of Acts, Regulations etc. that must be Monitored and Complied with
• Frequency of Legislative and Regulatory Changes
• Ensuring Compliance Through ad hoc Methods
• Increasing Industry Compliance Requirements

There is a need to change how we:
• monitor changes,
• evaluate their impact,
• design an approach to changing systems and procedures
• ensure sustainable compliance

Legislation, Regulation and Compliance
Related Studies

Uncertainty
• “level of uncertainty within regulations and the possibility that they may have to comply with potentially conflicting regulations”

Source: Ernst and Young – Top 10 Risks 2011 – Number 1 Business issue

Privacy Compliance
• “Regulations, laws and enforcement”: key issues cited include tougher penalties and increased global cooperation in ensuring protection of private data
• “Additional breach notification requirements”: countries including Canada, the EU, Japan and others as seeking to implement (if not already implementing) mandatory breach notification laws
• “Governance, risk and compliance (GRC) initiatives” – “financial institutions alone were spending up to US$100 billion on mitigating risks in 2010”
• “… greater choice in GRC tools to manage risks associated with governance and compliance”

Source: Ernst and Young – Privacy Trends 2011

Legislation, Regulation and Compliance
Related Studies

Cost of Compliance
• “(recognized the) cost of compliance to be a major concern”
• “The cost of compliance has rocketed as companies moved from writing policies and discharging responsibilities to testing and demonstrating operation effectiveness.”
• “68% of the interviewees reported more boardroom interest in risk and compliance. 82% expected compliance costs to increase in the next few years, with the majority expecting increases in the 10% to 20% range.”

KPMG’s Global CIO Survey

Legislation, Regulation and Compliance
Related Studies
None? GLB?

Legislation, Regulation and Compliance
Business Reaction
• Implement systems and procedures to track, assess and design compliance policies and procedures
• Ensure sufficient recognition and priority of GRC at the C-suite and board
• Implement employee awareness and training programs, newsletters
• Design sustainable compliance into processing and reporting systems

Regulatory Compliance Risk Management
• Continuing changes in legislative and regulatory compliance
• Increasing complexity and more stringent requirements
• Increased reporting requirements requiring more effective data gathering and reporting systems
• Rationalizing uncertainty and conflicting requirements