
Providing Value: Where Do You Stand with the C-Suite?

Session 12. Matt Schmidt & Dr. Chip Council. December 3rd, 2008 – 1:00PM. Presentation Overview: Overall Value Goals; ROI & Measuring Success; Monitoring Investments & Tools; Being a Good Steward to the Business.


Presentation Transcript


  1. Providing Value: Where Do You Stand with the C-Suite? Session 12 Matt Schmidt & Dr. Chip Council December 3rd, 2008 – 1:00PM

  2. Presentation Overview • Overall Value Goals • ROI & Measuring Success • Monitoring Investments & Tools • Being a Good Steward to the Business

  3. Providing Value: Goals • Supported by management • Integrated in enterprise risk management processes • Maturity

  4. A Tragedy of the Commons: Free IT! • As an organization grows, the demand for IT grows • Some demands will go unmet • Dissatisfaction can lead to turnover, low morale, etc. • A finite resource subjected to infinite demand must fail.

  5. A Tragedy of the Commons: IT Budgeting • Many companies still use a model of a centralized budget for IT funding • Business = supplicants for budget dollars • IT = custodians of IT budget • Both groups are measured by differing standards • Business = revenue, market share, cost reduction • IT = how the budget was managed

  6. Example: Security Policy/Standards • Three Degrees of Policy (AAA) • Absent…one extreme • Aspirational…to the other • Appropriate…just right "Best practice is intended as a default policy for those who don't have the necessary data or training to do a reasonable risk assessment." --George Spafford

  7. What is ROI? • The complete benefit from an investment • This includes risk mitigated • To be complete it must include an assessment of both tangibles and intangibles • KEY THOUGHT: Intangibles CAN BE MEASURED!

  8. Why is Complete ROI Important? • Worthy projects are not getting funding • CFOs have become highly skeptical of soft benefits • CFOs are insisting on hard, tangible returns for each investment • Research shows that up to 90% of the costs and benefits of IT investments are intangibles • Firms are sacrificing their long-term growth to make their short-term numbers. -Source- Erik Brynjolfsson, management professor at MIT's Sloan School of Management

  9. Are Capabilities Intangible? • Example of Capabilities? • Capability of identifying intrusions with immediate notification • Capability of disabling privileged access directly from the HR System • Capability to prove Compliance • How do we measure the impact of the capability?

  10. How To Measure Success • Establish goals prior to an effort • Goals must be measurable • Use of “Performance” and “Goal” indicators • Must be understood by non-technical management

  11. Create a Governance Committee • Focus on agility and results • The Structure of the committee • Who should be on the committee • How often should they meet • Ensure clear communication to the top • Determine Success Factors

  12. How to Monitor Investments – Val-IT • Allows organizations to get business value from IT investments • Provides a governance framework • Includes a set of guiding principles • A number of processes conforming to those principles • A further defined set of key management practices.

  13. Economic Issues & IT Governance • IT Governance surfaces/resurfaces during times of economic crisis • Survival mode: Marching orders to CUT, CUT, CUT! • Uninformed decisions often produce adverse results • Keys • Prioritization • Smart use of resources *Just as critical during times of growth and prosperity*

  14. Being a Good Steward to the Business • Speak the language of the business • Talk in terms of risk • Save the technospeak for /. responses • Credibility • Security management needs to establish at C-level • Give honest feedback

  15. Being a Good Steward to the Business • Understand how the business interprets ROI • Most likely different than Information Security • Difficult to quantify security benefits • Don’t lose sight of strategy • Be flexible • And…

  16. Being a Good Steward to the Business BE CONSISTENT AND DON’T OVERCOMPLICATE!! http://xkcd.com/74/

  17. Questions?
