Discussion: Information Governance
1. Information risk planning involves a number of progressive steps: identifying potential risks to information, weighing those risks, creating strategic plans to mitigate the risks, and developing those plans into specific policies. Then it moves to developing metrics to measure compliance levels and identifying those who are accountable for executing the new risk mitigating processes. These processes must be audited and tested periodically not only to ensure compliance, but also to fine tune and improve the processes.
The metrics you have developed to measure risk mitigation effectiveness must also be used for audit purposes. What are the process you will put in place to audit your compliance effort to see if your efforts are working? Is there a need to audit or examine the audit process and how often?
The business case for information governance (IG) programs has historically been difficult to justify. It is hard to apply a strict, short-term return on investment (ROI) calculation. A lot of time, effort, and expense is involved before true economic benefits can be realized. IT governance seeks to align business objectives with IT strategy to deliver business value.
2: Provide 2-3 page APA standard paper or why the business needs to drive the IG strategy and why there must constantly be an alignment. How would you approach implementing an IG strategy within an organization?
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.