Today, more than ever, with the increasing number of cybersecurity attacks on government organizations and threats of data breaches to the privacy of government officials, their staffs, and government contractor staffs, strong IT Governance based on sound IT risk management is critical to restoring confidence in the security and privacy protections provided by our Federal Government. This is no longer purely an IT technology issue but an issue that must be addressed at the top layers of government – from the “overseers” of IT policy (e.g., Office of Management and Budget (OMB), National
To start, guiding principles can ensure that all staff have a common understanding of the core IT Governance criteria. These guiding principles let staff know that IT Governance is recognized by the C-Suite as critical to the organization’s success, and that IT resources result in maximum effectiveness and efficiency across the organization. It ensures that security is integrated in meeting requirements and delivers benefits set by an organization’s business leaders.
This consists of a definition of IT Governance communicated throughout the agency, and the establishment of a new organizational structure to ensure the IT Governance Program is effective and continuously improved. Continuing with the Veterans Affairs Department (VA) example discussed in the previous blog, below is the definition VA developed and a generic discussion of the organizational structure that VA adopted. The VA model provides an excellent example for agencies to consider as they implement IT Governance.
This post is the fourth in a series on how strong IT Governance can help drive effective security across Federal enterprises. See the first installment. In the first example, a federal agency needed to transform the way it governed and managed IT within the Department. It created three boards: an IT Leadership Board, a Budgeting and Near Term Issues Board, and a Programming and Long Term Issues Board.