Providing Value: Where Do You Stand with the C-Suite? Session 12, Matt Schmidt & Dr. Chip Council, December 3rd, 2008 – 1:00PM. Presentation Overview: Overall Value Goals; ROI & Measuring Success; Monitoring Investments & Tools; Being a Good Steward to the Business.
Session 12
Matt Schmidt & Dr. Chip Council
December 3rd, 2008 – 1:00PM
Providing Value: Where Do You Stand with the C-Suite?
Presentation Overview
Overall Value Goals
ROI & Measuring Success
Monitoring Investments & Tools
Being a Good Steward to the Business
Providing Value: Goals
Supported by management
Integrated in enterprise risk management processes
Maturity
A Tragedy of the Commons: Free IT!
As an organization grows, the demand for IT grows
Some demands will go unmet
Dissatisfaction can lead to turnover, low morale, etc.
A finite resource subjected to infinite demand must fail.
A Tragedy of the Commons: IT Budgeting
Many companies still use a model of a centralized budget for IT funding
– Business = supplicants for budget dollars
– IT = custodians of IT budget
Both groups are measured by differing standards
– Business = revenue, market share, cost reduction
– IT = how the budget was managed
Three Degrees of Policy (AAA)
– Absent…one extreme
– Aspirational…to the other
– Appropriate…just right
"Best practice is intended as a default policy for those who don't have the necessary data or training to do a reasonable risk assessment."
--George Spafford
Example: Security Policy/Standards
What is ROI?
The complete benefit from an investment
This includes risk mitigated
To be complete it must include an assessment of both tangibles and intangibles
KEY THOUGHT: Intangibles CAN BE MEASURED!
Why is Complete ROI Important?
Worthy projects are not getting funding
CFOs have become highly skeptical of soft benefits
CFOs are insisting on hard, tangible returns for each investment
Research shows that up to 90% of the costs and benefits of IT investments are intangibles
Firms are sacrificing their long-term growth to make their short-term numbers.
– Source: Erik Brynjolfsson, management professor at MIT's Sloan School of Management
Are Capabilities Intangible?
Example of Capabilities?
– Capability of identifying intrusions with immediate notification
– Capability of disabling privileged access directly from the HR System
– Capability to prove Compliance
How do we measure the impact of the capability?
How To Measure Success
Establish goals prior to an effort
Goals must be measurable
Use of “Performance” and “Goal” indicators
Must be understood by non-technical management
Create a Governance Committee
Focus on agility and results
The Structure of the committee
Who should be on the committee
How often should they meet
Ensure clear communication to the top
Determine Success Factors
How to Monitor Investments – Val-IT
Allows organizations to get business value from IT investments
Provides a governance framework
Includes a set of guiding principles
A number of processes conforming to those principles
A further defined set of key management practices
Economic Issues & IT Governance
IT Governance surfaces/resurfaces during times of economic crisis
– Survival mode: Marching orders to CUT, CUT, CUT!
– Uninformed decisions often produce adverse results
Keys
– Prioritization
– Smart use of resources
*Just as critical during times of growth and prosperity*
Being a Good Steward to the Business
Speak the language of the business
– Talk in terms of risk
– Save the technospeak for /. responses
Credibility
– Security management needs to establish at C-level
– Give honest feedback
Being a Good Steward to the Business
Understand how the business interprets ROI
– Most likely different than Information Security
– Difficult to quantify security benefits
Don’t lose sight of strategy
Be flexible
And…
Being a Good Steward to the Business
BE CONSISTENT AND
DON’T OVERCOMPLICATE!!
http://xkcd.com/74/
Questions?