Providing Value: Where Do You Stand with the C-Suite?


Providing Value: Where Do You Stand with the C-Suite? Session 12. Matt Schmidt & Dr. Chip Council. December 3rd, 2008 – 1:00PM. Presentation Overview. Overall Value Goals. ROI & Measuring Success. Monitoring Investments & Tools. Being a Good Steward to the Business. Providing Value: Goals.

Providing Value: Where Do You Stand with the C-Suite?

Session 12

Matt Schmidt & Dr. Chip Council

December 3rd, 2008 – 1:00PM

Presentation Overview
  • Overall Value Goals
  • ROI & Measuring Success
  • Monitoring Investments & Tools
  • Being a Good Steward to the Business
Providing Value: Goals
  • Supported by management
  • Integrated in enterprise risk management processes
  • Maturity
A Tragedy of the Commons: Free IT!
  • As an organization grows, the demand for IT grows
  • Some demands will go unmet
  • Dissatisfaction can lead to turnover, low morale, etc.
  • A finite resource subjected to infinite demand must fail.
A Tragedy of the Commons: IT Budgeting
  • Many companies still use a model of a centralized budget for IT funding
    • Business = supplicants for budget dollars
    • IT = custodians of IT budget
  • Both groups are measured by differing standards
    • Business = revenue, market share, cost reduction
    • IT = how the budget was managed
Example: Security Policy/Standards
  • Three Degrees of Policy (AAA)
    • Absent…one extreme
    • Aspirational…to the other
    • Appropriate…just right

"Best practice is intended as a default policy for those who don't have the necessary data or training to do a reasonable risk assessment." -- George Spafford

What is ROI?
  • The complete benefit from an investment
  • This includes risk mitigated
  • To be complete it must include an assessment of both tangibles and intangibles
  • KEY THOUGHT: Intangibles CAN BE MEASURED!
Why is Complete ROI Important?
  • Worthy projects are not getting funding
  • CFOs have become highly skeptical of soft benefits
  • CFOs are insisting on hard, tangible returns for each investment
  • Research shows that up to 90% of the costs and benefits of IT investments are intangibles
  • Firms are sacrificing their long-term growth to make their short-term numbers.

Source: Erik Brynjolfsson, management professor at MIT's Sloan School of Management

Are Capabilities Intangible?
  • Example of Capabilities?
    • Capability of identifying intrusions with immediate notification
    • Capability of disabling privileged access directly from the HR System
    • Capability to prove Compliance
  • How do we measure the impact of the capability?
How To Measure Success
  • Establish goals prior to an effort
  • Goals must be measurable
  • Use of “Performance” and “Goal” indicators
  • Must be understood by non-technical management
Create a Governance Committee
  • Focus on agility and results
  • The Structure of the committee
  • Who should be on the committee
  • How often should they meet
  • Ensure clear communication to the top
  • Determine Success Factors
How to Monitor Investments – Val-IT
  • Allows organizations to get business value from IT investments
  • Provides a governance framework
  • Includes a set of guiding principles
  • A number of processes conforming to those principles
  • A further defined set of key management practices.
Economic Issues & IT Governance
  • IT Governance surfaces/resurfaces during times of economic crisis
    • Survival mode: Marching orders to CUT, CUT, CUT!
    • Uninformed decisions often produce adverse results
  • Keys
    • Prioritization
    • Smart use of resources

*Just as critical during times of growth and prosperity*

Being a Good Steward to the Business
  • Speak the language of the business
    • Talk in terms of risk
    • Save the technospeak for /. responses
  • Credibility
    • Security management needs to establish it at the C-level
    • Give honest feedback
Being a Good Steward to the Business
  • Understand how the business interprets ROI
    • Most likely different than Information Security
    • Difficult to quantify security benefits
  • Don’t lose sight of strategy
  • Be flexible
  • And…
Being a Good Steward to the Business

BE CONSISTENT AND

DON’T OVERCOMPLICATE!!

http://xkcd.com/74/

Questions?
