For the information security management aspects of the CIO's responsibility,
we can draw on some standard references, for example, ISO 27000, the
International Organization for Standardization's family of standards on
information security management systems, and the Federal Information Security
Management Act (FISMA), which requires each federal agency to develop, document,
and implement an agency-wide program to provide information security for the
information and information systems that support the operations and assets of
the agency, including those provided or managed by another agency, contractor,
or other source (for more information, see
http://csrc.nist.gov/groups/SMA/fisma/overview.html). These standards will be
looked at in more detail when we cover security governance; they are mentioned
here to point out that security governance is part of IT governance.
IT project portfolio planning
Next, we align the projects running within the IT Department with the IT
balanced scorecard that we have developed with the CIO and the Chief Security
Officer. We will use Oracle's Project Portfolio Analysis tool to gather the
project portfolios from the IT Directors, and then score, prioritize, and rank
the projects. We will show the cut-off point in the ranked list beyond which the
projects exceed what is achievable with the available resources and funding. The
following diagram shows the process for prioritizing a project portfolio:
[Diagram: project portfolio planning cycle, with the following numbered steps]

1. Create and initiate planning cycle
2. Collect projects and build scenarios
3. Submit projects
4. Create portfolio
5. Compare scenarios
6. Recommend scenario
7. Submit plan
8. Approve plan
9. Close planning cycle