Document

advertisement
Part 2
CICA Top 10 Survey
1
Technology Trends – CICA Top 10 Survey
Information Management and Data Integrity
Legislation, Regulation and Compliance
New and Emerging Technologies
Information Skills and Resources – In the Information Age
IT Governance
Outsourcing
Public Trust
Management and Operation of Technology Infrastructure
Business Continuity and Pandemic Awareness
Impact of the Economy on Information Technology
© Robert G Parker – UW-CISA 2010
S-2
1 - Information Management and Data Integrity
The categorization and management of information as a resource with business value
to the organization
• Maintaining Data Integrity
• Complete, accurate, authorized, relevant, timely, consistent
• Encryption – A Pressing Need
• Protecting against unauthorized access, theft or use of data
• Information Overload
• Amount of information – information overload, unfiltered information
• Sources of information - email, Blackberry, cell phone, iPad, Playbook
• Better Understanding of the Value of Information
• Presentation, visualization, data analytics, greater insight
Don’t need more information; we need better, more relevant information
© Robert G Parker – UW-CISA 2010
S-3
Information Management and Data Integrity
Analysis
• Data Loss Prevention
• Policies, procedures, techniques
• Protect against unauthorized access to, and release of, information
• Data Retrieval
• Data categorization, availability and retrievability
• Issues; redundancy, consistency, synchronization, maintenance
Determining The Value of Information
Who determines value
How much should be spent for data security
What are managements’ priorities
© Robert G Parker – UW-CISA 2010
S-4
Information Management and Data Integrity
Analysis
Determining The
Value of Information
Data Protection
Priorities
5
Information Management and Data Integrity
Related Studies
Information Analytics
"increasing the use of information and analytics is one of the top three
business priorities"
Visualization
“visualization (which was defined within the study as "refers to the
innovative use of images and interactive technology to explore large, highdensity datasets") was increasingly being used to identify insights into
both structured and unstructured data for such areas as operational
efficiencies, profitability, and strategic planning”
Challenges
“handling the sheer volume of the data”
“handling regulatory pressures to provide improved insights into risk management”
Source: Gartner Group; cited in Deloitte Tech Trends 2011
6
Information Management and Data Integrity
Business Reaction
Rethink the “more is better strategy”
Increase filtering of data to provide appropriate and relevant information
Improve security over data and information
Recognize the value of information to the organization
Data Integrity Risk Management
Assess risks to data and information, including risks of incomplete,
incorrect, unauthorized (internal Wikis, personal productivity tools),
Implement a comprehensive and robust data protection program (security,
DLP, integrity)
Implement sustainability and compliance programs, including monitoring
7
2 - Legislation, Regulation and Compliance
Legislation, Regulation and Compliance
2 - Legislation, Regulation and Compliance
Establishing, maintaining and managing legislative compliance, such as privacy
requirements.
• Large Number of Acts, Regulations etc. that must be Monitored
and Complied with
• Frequency of Legislative and Regulatory Changes
• Ensuring Compliance Through ad hoc Methods
• Increasing Industry Compliance Requirements
There is a need to change how we:
• monitor changes,
• evaluate their impact,
• design and approach to changing systems and procedures
• ensure sustainable compliance
© Robert G Parker – UW-CISA 2010
S-9
Legislation, Regulation and Compliance
Related Studies
Uncertainty
"level of uncertainty within regulations and the possibility that they may
have to comply with potentially conflicting regulations"
Source: Ernst and Young –Top 10 Risks 2011 - Number 1 Business issue
Privacy Compliance
“Regulations, laws and enforcement": key issues cited include tougher
penalties and increased global cooperation in ensuring protection of private
data”
“Additional breach notification requirements": countries including Canada,
the EU, Japan and others as seeking to implementing (if not already
implementing) mandatory breach notification laws”
"Governance, risk and compliance (GRC) initiatives“ - "financial institutions
alone were spending up to US$100 billion on mitigating risks in 2010” “…
greater choice in GRC tools to manage risks associated with governance and
compliance”
Source: Ernst and Young – Privacy Trends 2011
10
Legislation, Regulation and Compliance
Related Studies
Cost of Compliance
“(recognized the) cost of compliance to be a major concern”
“The cost of compliance has rocketed as companies moved from
writing policies and discharging responsibilities to testing and
demonstrating operation effectiveness.”
“68% of the interviewees reported more boardroom interest in risk
and compliance
82% expected compliance costs to increase in the next few years, with the
majority expecting increases in the 10% to 20% range.
KPMG’s Global CIO Survey
11
Legislation, Regulation and Compliance
Related Studies
None?
GLB?
12
Legislation, Regulation and Compliance
Business Reaction
Implement systems and procedures to track, assess and design compliance
policies and procedures
Insure sufficient recognition and priority of GRC at the C-suite and board
Implement employee awareness and training programs, newsletters
Design sustainable compliance into processing and reporting systems
Regulatory Compliance Risk Management
Continuing changes in legislative and regulatory compliance
Increasing complexity and more stringent requirements
Increased reporting requirements requiring more effective data gathering
and reporting systems
Rationalizing uncertainty and conflicting requirements
13
Download