ISACA India to Host IT Governance and Risk Conference 2013

The ISACA Chennai Chapter and the ISACA India Task Force are hosting the ISACA India Conference, (IIC) 2013, a two-day event themed “IT Governance, Risk Management and Compliance—Current and Future Trends.” Scheduled for 28-29 November 2013, IIC 2013 will focus on topical issues being faced by the IT industry and will share guidance and good practices for dealing with complex challenges and opportunities at a strategic and thematic level.

ISACA, a global association of 110,000 IT professionals, is bringing members of the business, IT governance, risk management and compliance community together for the conference to comprehensively discuss pressing matters pertaining to Big Data and data analytics, mobility, e-business in the information age, managing risks in embedded systems and more.

31 March : World BackUp day

On March 31, the Internet celebrates World BackUp day, which as per its name, celebrates the backing up of files from one’s computer.

http://www.worldbackupday.com asks the users to take this pledge

I solemnly swear to backup my important documents and precious memories on March 31st.I will also tell my friends and family about World Backup Day – friends don’t let friends go without a backup.

The simple campaign actually makes a lot of sense. The reason being that users today are in a greater risk of losing all their digital data to a computer hack, hard drives crash, virus attacks and other incidents.

Even though a trusty external hard disk can do the job in most cases, we believe that backing up essential data online is a safer bet. And for this, the Internet offers a plethora of efficient services.

How do I backup? (Tips from the campaign site)

Backing up is easy. Once set up, your data should be backing up automatically. You just need to check every once in a while to make sure your backups actually work. There are three main types of backup solutions:

LOCAL BACKUP

Every week, copy your most important files onto an external hard drive next to your desk, in your closet, or any other place where you can easily retrieve it.

You can even use Windows Backup (or Time Machine, if you have a Mac) to do this automatically!

OFFSITE BACKUP

Another automatic backup or an external hard drive that’s stashed at another location, such as a bank vault, friend’s house or even in a data center in another state. This protects your backup in case of theft, natural disaster or simple hardware failure.

CLOUD BACKUP

Similar to an offsite backup, this involves simply installing a small app on your computer to instantly and automatically copy your files to the internet. This makes multiple copies of your files at various places around the world, making it hard to lose any of your files.

It’s super simple and done instantly – you barely need to do anything! However, your backups can be a little bit of a pain to retrieve though (it’s a lot of stuff you have to download!) so having this option in conjunction with one of the above is a good, secure plan.

Things to backup

  • Computer
  • Laptop
  • Phone
  • iPod
  • Tablet
  • Other electronic devices
  • Photos and videos on social networks
  • and other online services.

Ways they can fail…and lose your data.

  • Theft
  • Hardware failure
  • Natural disaster
  • Alien invasion
  • Obsolete file formats
  • You forgot where you put it (really. it happens!)
Remember, always have a backup to back up your backup!

IT Governance: User engagement

Case 1: The Finance team has fully implemented a SaaS platform to meet their requirements. Fiance team is happy as they are able to meet the requirement of compliance even though the new system does not integrate with any other platform existing within the organization. The IT team is not happy to support another new system which has suddenly appeared out of blue. The issue is escalated to CIO who obviously unhappy about his IT Governance model has proven ineffective.

CIO raises the issue with the CEO, rightly, with all his concerns on IT Governance framework and CEO is happy with the business outcome and regulatory compliance achieved by finance department. CIO and IT department are told to oblige, triggering an “us versus them” mentality between IT and finance departments.

Case 2: A company engaged in highway services wins a contract to start tracking accident and error reports for a state highway, they can afford neither the time nor cost of that “big picture” approach of IT Governance toward a unified system vision. What is needed for them is to get staffing, supporting software and databases and start honouring the project. “IT Governance processes and mandates will put them at risk of missing all critical deadlines”, feel the people engaged in the project delivery, “and IT Governance is useful in preventing unnecessary IT procurement but not in preventing silos.”

The TRUTH
ITG

IT Governance is really about business governance. Whether it is a new project or a new platform or application to be implemented, the goals of organizations should have clear components of each business unit – IT or HR or Finance etc and IT being an enabling partner of the business, should focus upon realizing the business benefits. IT should accomplish this by collaboratively establishing an IT governance process by actively engaging the business users. The processes and policies, designed as a part of IT governance implementation, are to be adopted by all and not just IT. It is not just involving users when the policy is framed, it is critical to have business users outside IT to actively involve in the meetings of the ongoing governing body.

Creating governance without user engagement will spell disaster for IT governance process.Compliance requires buy-in and that means soliciting end-user opinions especially when specifying rules, regulations, policies, orders, demands, mandated sequential small steps that are actually big policy changes, and so on.

User engagement also include conducting regular awareness and training programs for users where the policy, procedures, business goals and requirements need to be effectively communicated to the users.