Friday, 5 August 2011

JUGGLE WITH THE INFORMATION (NOT Information Technology) RISK

Why has IT governance failed?

We can also read:
"Whether we like it or not, information technology has become ubiquitous and essential in both ongoing operation and strategic development of almost all organizations. But information technology is troublesome – it can and frequently does go wrong and the consequences of failure can be serious."

"the current and future use of information technology includes significant risks for individuals, communities, corporations and governments. It is arguable that the scope of risk today extends to the environment and the entire world."

"But, there is no convincing evidence that following any of the IT Governance guidelines will lead to superior business performance (Young, 2006)."

SO...
1) To start: Definition
Information = Information in its most restricted technical sense is an ordered sequence of symbols that record or transmit a message. It can be recorded as signs, or conveyed as signals by waves. Information is any kind of event that affects the state of a dynamic system. As a concept, however, information has numerous meanings.[1] Moreover, the concept of information is closely related to notions of constraint, communication, control, data, form, instruction, knowledge, meaning, mental stimulus, pattern, perception, representation, and especially entropy.
BUT we can also read:
The English word was apparently derived from the Latin stem (information-) of the nominative (informatio): this noun is in its turn derived from the verb "informare" (to inform) in the sense of "to give form to the mind", "to discipline", "instruct", "teach": "Men so wise should go and inform their kings." (1330) Inform itself comes (via French informer) from the Latin verb informare, to give form, to form an idea of. Furthermore, Latin itself already contained the word informatio meaning concept or idea, but the extent to which this may have influenced the development of the word information in English is not clear.
Information technology (IT) = the world of computers/servers/Internet, information systems = data = 0/1 = it's a tool, a medium for knowledge
Information technology (IT) is the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications.[1] The term in its modern sense first appeared in a 1958 article published in the Harvard Business Review, in which authors Leavitt and Whisler commented that "the new technology does not yet have a single established name. We shall call it information technology (IT)."[2]
  
Information can be in a computer/server/database, in a person's head or on paper in a binder (regardless of the medium) = it's an asset the corporation uses to achieve its business objectives
2) To continue: history
History of information = as old as the human world, used to achieve objectives
History of IT:
1975 = Bill Gates & Paul Allen form Micro-soft
1995 = I work with Windows 3.1 and the coaxial network is the best... Internet, network printing and mail
2005 = Windows XP is all around the world
2010 = Today
History of the information technology (IT) director, the "old" CIO term:
maybe about 30 years... the first job description.
History of the "new" CIO term:
Since the world began distinguishing information (regardless of the medium) from IT... ISO 27002 in 2005, ISO 27005 in 2008, ISO 31000 in 2009
Indeed, the CIO's work isn't just IT now...
Reason the CTO appeared (the old CIO term)
A chief technology officer is a top corporate executive who makes decisions regarding the development and application of new technologies. He or she often oversees engineers and technical professionals in the research and design of new products and systems. In addition, the chief technology officer often becomes involved in marketing and accounting strategies that utilize information technology (IT) systems. He or she meets regularly with other executives to discuss the success of the business and determine ways to improve profits. In order to fulfill the vast responsibilities of a chief technology officer, an individual must have very strong leadership, communication, and problem solving skills.
3) Conclusion
Information (not IT) is the cornerstone... in computers (IT), on paper or in the heads of employees! It is information that we must properly use and protect = it's an asset the corporation uses to achieve its business objectives
The board must go back to basics (information), please!

--
Christophe Jolivet
ITIL, ABCP, CRISC, ISO 27001 Lead Implementer, ISO 27005 Risk Manager
Pr4gm4tique / Pr4gm4tic = Which is based on action, concrete results and effectiveness
Incubator of:

Tuesday, 2 August 2011

Information governance: SA.GOV.AU's Vision 2012

Looking for information on the roles and responsibilities of the CIO vs. the CTO and the CISO...

SA.GOV.AU is the government of South Australia.

We can read on the site: "By 2012 the Government of South Australia will be a role model for other Australian governments in the leadership and management of ICT by:
  • transforming government services so that citizens and businesses Ask Just Once to receive what they need from their government
  • enabling continuous improvement in the operational efficiency of government.
This will ensure that the community of South Australia will maintain their trust and confidence in the services and information provided by the Government of South Australia."

http://www.sa.gov.au/government/entity/1670/About+us+-+Office+of+the+Chief+Information+Officer/Who+we+are/Vision+and+mission

ICT = Information Communication Technology (ICT)

Elsewhere on the site we can read:
Role of the CIO and CTO: "The Chief Information Officer (CIO) is an advisor to the Minister for Infrastructure, Cabinet and the Senior Management Council on the value of Information Communication Technology (ICT) investments and prioritising ICT investment across-government. The CIO also assumes responsibility for the functions of Chief Technology Officer (CTO) and Principal Contract Administrator."
How, in 2012, can the CIO also assume the responsibilities of a CTO?

Looking for the CISO role on the site... I find nothing... on the other hand, there is a multitude of technology-oriented information security policies, guides and standards... covering business continuity, etc.

Nothing on the notion of managing the security of non-digital information at the corporate level... The CIO is still an IT manager.

What do you think?