-
What is the description of IT Governance?
A formal structure for how organizations align IT and business strategies such that the entity can accomplish its objectives
-
What are the 5 areas of IT focus according to the IT Governance Institute?
- Strategic Alignment = using IT to strategically benefit a business
- Value Delivery = provide more IT services at the beginning of a project; less near the end
- Resource Management = use IT to organize staff more efficiently, such as by skill rather than by line of business
- Risk Management = for measurement and management
- Performance Measures = for the IT dept itself, so that IT resources are used efficiently
-
What steps must be taken to ensure a business can resume operations following some type of disaster?
- Use a Business Impact Analysis (BIA) to identify --
- (1) which business units, depts, or processes are essential to the survival of the entity
- (2) estimate the financial impacts for each area assuming a worst-case scenario
- (3) est the intangible (operational) impacts for each business unit assuming a worst-case scenario
- (4) estimate recoveryy time for each business unit
-
What are the information resources by impact level?
- High Impact = the dept cannot operate without this IT resource, even for a short period of time. It will involve high recovery cost OR will harm the entity's mission or reputation.
- Medium Impact = the dept could work without the IT resource for a short duration (~7 days). It will experience some cost of recovery OR could harm the mission or the entity's reputation.
- Low Impact = the dept can continue but less efficiently. It may have an effect on the objectives.
-
What are the information risk levels of likelihood?
- High = the threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability are ineffective.
- Medium = the threat source is highly motivated and sufficiently capable, but there are controls in place to slow the vulnerability.
- Low = Either the threat lacks motivation or capability, or the controls are in place to prevent or significantly impede the threat.
-
What are the responsibilities of the IT Steering Committee?
- setting governing policies for IS systems in the company
- ensuring top management participation
- coordinating IT system with goals
-
What are the responsibilities of the Project Development Team
- monitor the project to ensure timely & cost-effective completion
- manage the human element such as resistance to chg
- manage internal and external stakeholder expectations
- communicate with users
- assess risk management and escalate issues that cannot be resolved
-
What are the responsibilities of process management?
selecting improvement initiatives
-
What are the responsibilities of the project sponsor?
This is an individual at the executive level of management who is responsible for allocating funding and resources to the project, and takes responsibility for overall project delivery.
-
What attributes of a project are contained in the scope baseline?
- The project's deliverables
- the amount of time required to complete the project
- The attributes that should be included
- The attributes that can be excluded
-
How is a monetary value determined for a risk event?
- The monetary amount that would occur to correct the problem x the risk probability.
- (Ex; $6,000 to correct the loss of IT software, .15 risk probability = $900 monetary loss)
|
|