SlideShare una empresa de Scribd logo
1 de 11
Descargar para leer sin conexión
Take a Portfolio Approach to Policy Management.
Find the right balance between risk mitigation and operational efficiency.
The need for a new policy is generally initiated in response to a new regulatory compliance standard or industry framework, or because of a mandate from the business which requires some degree of guidance over a new initiative.
Approaching policy creation in this reactive manner often results in an excessive number of documents that are narrow in scope and don’t address the underlying risk.
Policies lag behind changing business and technology demands and compliance requirements.
Employees complain that policies restrict them from doing their job.
A study by Cisco showed that the majority of employees and IT Professionals believe that their organization’s security policies need improvement and updating:
o 47% of employees believe their policies need updating.
o 77% of IT professionals believe their policies need updating.
“A lot of employees are saying, 'This is the way I'm working now,' so a lot of these IT policies need to catch up.” - John Maddison, Vice President of Marketing, Fortinet Inc.
Source: TechTarget, “Survey: IT's cloud, BYOD policies don't deter Gen Y use.”
Manage your policies like a portfolio.
· Think of your portfolio of policies like a high-powered engine. Policies should work together like a well-oiled machine.
You need a framework for establishing the right mix of IT policies to adequately support the business while mitigating risks.
Find the right balance by managing your policies like a portfolio.
o The need for policies should be driven by risks and their impact on your processes.
o You don’t need a policy for everything; focus your efforts on policies that mitigate your greatest risks.
Your policies should be consistent with one another and provide adequate coverage of your greatest risks without becoming redundant or overwhelming to the user population.
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
Take a Portfolio Approach to Policy Management
http://www.infotech.com/research/ss/take-a-portfolio-approach-to-
policy-management

Más contenido relacionado

Más de Info-Tech Research Group

Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionInfo-Tech Research Group
 
Master Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleMaster Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleInfo-Tech Research Group
 
Improve IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapImprove IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapInfo-Tech Research Group
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramInfo-Tech Research Group
 
Optimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and PrioritizationOptimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and PrioritizationInfo-Tech Research Group
 
Modernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration InfrastructureModernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration InfrastructureInfo-Tech Research Group
 
Craft an End-to-End Data Center Consolidation Strategy to Maximize Benefits
Craft an End-to-End Data Center Consolidation Strategy to Maximize BenefitsCraft an End-to-End Data Center Consolidation Strategy to Maximize Benefits
Craft an End-to-End Data Center Consolidation Strategy to Maximize BenefitsInfo-Tech Research Group
 
Develop a Project Portfolio Management Strategy
Develop a Project Portfolio Management StrategyDevelop a Project Portfolio Management Strategy
Develop a Project Portfolio Management StrategyInfo-Tech Research Group
 
Implement an enterprise service bus revised
Implement an enterprise service bus    revisedImplement an enterprise service bus    revised
Implement an enterprise service bus revisedInfo-Tech Research Group
 

Más de Info-Tech Research Group (20)

Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection Solution
 
Create a Winning BPI Playbook
Create a Winning BPI PlaybookCreate a Winning BPI Playbook
Create a Winning BPI Playbook
 
Master Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleMaster Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sample
 
Optimize Change Management
Optimize Change ManagementOptimize Change Management
Optimize Change Management
 
Improve IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapImprove IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure Roadmap
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management Program
 
Standardize the Service Desk
Standardize the Service DeskStandardize the Service Desk
Standardize the Service Desk
 
Optimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and PrioritizationOptimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and Prioritization
 
Modernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration InfrastructureModernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration Infrastructure
 
Optimize the IT Operating Model
Optimize the IT Operating ModelOptimize the IT Operating Model
Optimize the IT Operating Model
 
Info-Tech Membership Overview
Info-Tech Membership OverviewInfo-Tech Membership Overview
Info-Tech Membership Overview
 
Define an EA Operating Model
Define an EA Operating ModelDefine an EA Operating Model
Define an EA Operating Model
 
Become a Transformational CIO
Become a Transformational CIOBecome a Transformational CIO
Become a Transformational CIO
 
Craft an End-to-End Data Center Consolidation Strategy to Maximize Benefits
Craft an End-to-End Data Center Consolidation Strategy to Maximize BenefitsCraft an End-to-End Data Center Consolidation Strategy to Maximize Benefits
Craft an End-to-End Data Center Consolidation Strategy to Maximize Benefits
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
 
Build an Application Integration Strategy
Build an Application Integration StrategyBuild an Application Integration Strategy
Build an Application Integration Strategy
 
Develop a Project Portfolio Management Strategy
Develop a Project Portfolio Management StrategyDevelop a Project Portfolio Management Strategy
Develop a Project Portfolio Management Strategy
 
Implement an enterprise service bus revised
Implement an enterprise service bus    revisedImplement an enterprise service bus    revised
Implement an enterprise service bus revised
 
Implement a Shared Services Model
Implement a Shared Services ModelImplement a Shared Services Model
Implement a Shared Services Model
 
Assess and Optimize EA Capability
Assess and Optimize EA CapabilityAssess and Optimize EA Capability
Assess and Optimize EA Capability
 

Último

Roadway to GDSC- Session 1 Powerpoint Presentation
Roadway to GDSC- Session 1 Powerpoint PresentationRoadway to GDSC- Session 1 Powerpoint Presentation
Roadway to GDSC- Session 1 Powerpoint Presentationgdscghrcem
 
How the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the StudioHow the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the StudioChristopher Totten
 
Performance Management Notes for MBA Students
Performance Management Notes for MBA StudentsPerformance Management Notes for MBA Students
Performance Management Notes for MBA StudentsManickam Gajapathy
 
HR for Non HR_Performance Management System
HR for Non HR_Performance Management SystemHR for Non HR_Performance Management System
HR for Non HR_Performance Management Systemazischin
 
Improving Operations through Observation and Gemba Walks
Improving Operations through Observation and Gemba WalksImproving Operations through Observation and Gemba Walks
Improving Operations through Observation and Gemba WalksCIToolkit
 
Tackling Fake Agility w/ Johanna Rothman
Tackling Fake Agility w/ Johanna RothmanTackling Fake Agility w/ Johanna Rothman
Tackling Fake Agility w/ Johanna RothmanStefan Wolpers
 
The Role of Fishbone Diagram in Analyzing Cause and Effect
The Role of Fishbone Diagram in Analyzing Cause and EffectThe Role of Fishbone Diagram in Analyzing Cause and Effect
The Role of Fishbone Diagram in Analyzing Cause and EffectCIToolkit
 
HR for Non HR_Learning and Development.
HR for Non HR_Learning  and Development.HR for Non HR_Learning  and Development.
HR for Non HR_Learning and Development.azischin
 
Forget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outsForget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outsStephan Koning
 
Analyzing and Monitoring Processes through Time Value Mapping
Analyzing and Monitoring Processes through Time Value MappingAnalyzing and Monitoring Processes through Time Value Mapping
Analyzing and Monitoring Processes through Time Value MappingCIToolkit
 
Value Stream Map: A Visual Approach to Process Optimization
Value Stream Map: A Visual Approach to Process OptimizationValue Stream Map: A Visual Approach to Process Optimization
Value Stream Map: A Visual Approach to Process OptimizationCIToolkit
 
Making Sense of Multiple Ideas with Affinity Diagrams
Making Sense of Multiple Ideas with Affinity DiagramsMaking Sense of Multiple Ideas with Affinity Diagrams
Making Sense of Multiple Ideas with Affinity DiagramsCIToolkit
 
An Important Step Toward Process Improvement
An Important Step Toward Process ImprovementAn Important Step Toward Process Improvement
An Important Step Toward Process ImprovementCIToolkit
 
From Command Line to Reporting Line: The Diary of a First-Time EM
From Command Line to Reporting Line: The Diary of a First-Time EMFrom Command Line to Reporting Line: The Diary of a First-Time EM
From Command Line to Reporting Line: The Diary of a First-Time EMGloria Chow
 
A3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem SolvingA3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem SolvingCIToolkit
 
Test_document_upload_SQL_minimum_fourteen
Test_document_upload_SQL_minimum_fourteenTest_document_upload_SQL_minimum_fourteen
Test_document_upload_SQL_minimum_fourteenolgaz9
 
Mapping Customer Expectations Through Kano Analysis
Mapping Customer Expectations Through Kano AnalysisMapping Customer Expectations Through Kano Analysis
Mapping Customer Expectations Through Kano AnalysisCIToolkit
 
Organizations in a Future with Generative AI
Organizations in a Future with Generative AIOrganizations in a Future with Generative AI
Organizations in a Future with Generative AIKye Andersson
 

Último (20)

Roadway to GDSC- Session 1 Powerpoint Presentation
Roadway to GDSC- Session 1 Powerpoint PresentationRoadway to GDSC- Session 1 Powerpoint Presentation
Roadway to GDSC- Session 1 Powerpoint Presentation
 
How the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the StudioHow the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the Studio
 
Performance Management Notes for MBA Students
Performance Management Notes for MBA StudentsPerformance Management Notes for MBA Students
Performance Management Notes for MBA Students
 
HR for Non HR_Performance Management System
HR for Non HR_Performance Management SystemHR for Non HR_Performance Management System
HR for Non HR_Performance Management System
 
Improving Operations through Observation and Gemba Walks
Improving Operations through Observation and Gemba WalksImproving Operations through Observation and Gemba Walks
Improving Operations through Observation and Gemba Walks
 
The Truth About Influence
The Truth About InfluenceThe Truth About Influence
The Truth About Influence
 
Tackling Fake Agility w/ Johanna Rothman
Tackling Fake Agility w/ Johanna RothmanTackling Fake Agility w/ Johanna Rothman
Tackling Fake Agility w/ Johanna Rothman
 
The Role of Fishbone Diagram in Analyzing Cause and Effect
The Role of Fishbone Diagram in Analyzing Cause and EffectThe Role of Fishbone Diagram in Analyzing Cause and Effect
The Role of Fishbone Diagram in Analyzing Cause and Effect
 
HR for Non HR_Learning and Development.
HR for Non HR_Learning  and Development.HR for Non HR_Learning  and Development.
HR for Non HR_Learning and Development.
 
Forget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outsForget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outs
 
Analyzing and Monitoring Processes through Time Value Mapping
Analyzing and Monitoring Processes through Time Value MappingAnalyzing and Monitoring Processes through Time Value Mapping
Analyzing and Monitoring Processes through Time Value Mapping
 
Capacity2 - Briefing and Facilitation training slides
Capacity2 - Briefing and Facilitation training slidesCapacity2 - Briefing and Facilitation training slides
Capacity2 - Briefing and Facilitation training slides
 
Value Stream Map: A Visual Approach to Process Optimization
Value Stream Map: A Visual Approach to Process OptimizationValue Stream Map: A Visual Approach to Process Optimization
Value Stream Map: A Visual Approach to Process Optimization
 
Making Sense of Multiple Ideas with Affinity Diagrams
Making Sense of Multiple Ideas with Affinity DiagramsMaking Sense of Multiple Ideas with Affinity Diagrams
Making Sense of Multiple Ideas with Affinity Diagrams
 
An Important Step Toward Process Improvement
An Important Step Toward Process ImprovementAn Important Step Toward Process Improvement
An Important Step Toward Process Improvement
 
From Command Line to Reporting Line: The Diary of a First-Time EM
From Command Line to Reporting Line: The Diary of a First-Time EMFrom Command Line to Reporting Line: The Diary of a First-Time EM
From Command Line to Reporting Line: The Diary of a First-Time EM
 
A3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem SolvingA3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem Solving
 
Test_document_upload_SQL_minimum_fourteen
Test_document_upload_SQL_minimum_fourteenTest_document_upload_SQL_minimum_fourteen
Test_document_upload_SQL_minimum_fourteen
 
Mapping Customer Expectations Through Kano Analysis
Mapping Customer Expectations Through Kano AnalysisMapping Customer Expectations Through Kano Analysis
Mapping Customer Expectations Through Kano Analysis
 
Organizations in a Future with Generative AI
Organizations in a Future with Generative AIOrganizations in a Future with Generative AI
Organizations in a Future with Generative AI
 

Take a Portfolio Approach to Policy Management

  • 1. Take a Portfolio Approach to Policy Management. Find the right balance between risk mitigation and operational efficiency. The need for a new policy is generally initiated in response to a new regulatory compliance standard or industry framework, or because of a mandate from the business which requires some degree of guidance over a new initiative. Approaching policy creation in this reactive manner often results in an excessive number of documents that are narrow in scope and don’t address the underlying risk. Policies lag behind changing business and technology demands and compliance requirements. Employees complain that policies restrict them from doing their job. A study by Cisco showed that the majority of employees and IT Professionals believe that their organization’s security policies need improvement and updating: o 47% of employees believe their policies need updating. o 77% of IT professionals believe their policies need updating. “A lot of employees are saying, 'This is the way I'm working now,' so a lot of these IT policies need to catch up.” - John Maddison, Vice President of Marketing, Fortinet Inc. Source: TechTarget, “Survey: IT's cloud, BYOD policies don't deter Gen Y use.” Manage your policies like a portfolio. · Think of your portfolio of policies like a high-powered engine. Policies should work together like a well-oiled machine. You need a framework for establishing the right mix of IT policies to adequately support the business while mitigating risks. Find the right balance by managing your policies like a portfolio. o The need for policies should be driven by risks and their impact on your processes. o You don’t need a policy for everything; focus your efforts on policies that mitigate your greatest risks. Your policies should be consistent with one another and provide adequate coverage of your greatest risks without becoming redundant or overwhelming to the user population.