strategic information management principles

Copyright © 1995-2009 Kenneth P. Mortensen, Esq.

strategic information management
a framework for privacy and security safeguards

Professor Kenneth P. Mortensen
Cyber Risk & Information Security Conference
16 June 2009
Whitman School of Management
Syracuse University



strategic information management

• What is Strategic?
• What is Information?
• What is Management?

• What does Strategic Information Management mean for the Enterprise?


what is strategic?

• Focuses on building a solid underlying structure for an enterprise put into effect through enterprise action.

• Understand what the ultimate goals are for the enterprise.

• Discover the best methods to achieve those objectives.

• Put in place the resources to implement the methods and attain the goals.


what is information?

• In literal etymological terms, information means to give form to something.

• In business terms, the word focuses on the ability to transmit knowledge by providing form to a message by casting it into a profile or pattern for communication (sharing).

• Definitions for information can be grouped roughly into quantitative and qualitative categories.
  – The qualitative definitions focus on the criteria which add meaning to the message that is communicated.
  – The quantitative definitions focus on measuring the quantity of information units or the strength of its transmission.


what is management?

• Management is the process of getting activities completed efficiently and effectively through the enterprise.

• The goal (function) of management is to get the best return on enterprise resources by getting things done efficiently.

• There are four basic pillars: plan, organize, direct, and monitor.


the management

Information in the Enterprise


information management

• Old way of managing information.

• Protect critical value information from misuse, theft, loss, or disclosure.

• Ensure compliance with statutory and regulatory requirements.

• Certify the accuracy, integrity, and reliability of information.


information management

• Siloed Management
  – Customer Data – Sales Management
  – Communications – IT Department
  – Intellectual Property – General Counsel
  – Employee Data – Human Resources
  – Research Information – R&D Department
  – Demographics – Marketing
  – Process Data – Operations
  – Financial Information – Accounting Dep’t


strategic information management

• Concepts
  – Information as an enterprise asset
  – Risk minimization approach
  – Cost and benefit analysis
  – Priority deconfliction
  – Data safeguards
  – Right info to the right people at the right time


strategic information management

• To make it work:
  – Information represents the highest level asset of any organization
  – 360° approach to dealing with information
  – Consideration of entire information lifecycle
  – Comprehensive facilitation of management

• Creates competitive advantage


information as an asset

• Information is a critical asset of the enterprise.

• All the information, not just the traditional highly-valued information like trade-secrets, financial data, or CRM info.

• Focus has been on developing compliance; chasing the regulations instead of leading the innovation.


information as an asset

• Information value-add
  – Internal resources
  – Business intelligence
  – Market aggregation

• Personally Identifiable Information
  – Can no longer view in data silos
  – Linkable information recreates identity


information as an asset

• Strategic
  – Information as an enterprise resource

• Information
  – All the information of the enterprise.

• Management
  – Capture enterprise efficiency


risk minimization

• Risk and legal environment complex and diverse

• Global in scale with specific inconsistencies
  – Sector-based v. Individual-based
  – Operations-focused v. Need-focused

• Need wide ranging policy to capture not only data protection, but also data compliance


risk minimization

• Legal compliance does not minimize risk to the organization.

• Coordination of effort to address more than one facet of risk.

• Look to all functionalities of the enterprise to understand impact of the risks associated with the enterprise resource.


risk minimization

• Strategic
  – Enterprise governance of information

• Information
  – All aspects of information in the enterprise

• Management
  – De-confliction to ensure governance efficiency


facilitate decision-making

• Break down barriers and let information spill over borders of the functions of the enterprise.

• Permit fulsome sharing of information across enterprise to provide wider view of actions and interactions.

• Reconcile competing priorities.


facilitate decision-making

• Individualized decision-making through limited access to information isolates the decision-maker.

• Functional decisions made with a single set of information compromise enterprise decision-making.

• Fuller cost-benefit analysis is available.


facilitate decision-making

• Strategic
  – Process-based use of information

• Information
  – “Unlimit” information supporting decisions

• Management
  – Reconcile competing interests in information


total quality management

Dr. Deming’s Model to Improve Business Operations


total quality management

• “What is a system? A system is a network of interdependent components that work together to try to accomplish the aim of the system. A system must have an aim. Without an aim, there is no system. The aim of the system must be clear to everyone in the system. The aim must include plans for the future. The aim is a value judgment.”

Dr. W. Edwards Deming
The New Economics for Industry, Government, Education


Dr. W. Edwards Deming

• is best known as the person who taught Japan about quality and helped make “Made in Japan” a statement of quality with his theory of management after they were devastated by World War II.

• taught at New York University, assisted companies, and ran four-day seminars on quality management.

• was famous (or infamous) for his intensity and uncanny ability to go to the core of a problem instantly.


tqm concepts

• Apply appropriate management principles to increase quality and production.

• Focus on continual improvement for the system and not the individual components.

• Total involvement by management and workers to improve.

• Enabled workforce enhances quality.


fourteen principles

Underlying Principles for Strategic Information Management


tqm applied to strategic information management

• “The prevailing style of management must undergo transformation. A system cannot understand itself. The transformation requires a view from outside. The aim of this chapter is to provide an outside view—a lens—that I call a system of profound knowledge. It provides a map of theory by which to understand the organizations that we work in.”

Dr. W. Edwards Deming


tqm applied to strategic information management

• System of Profound Knowledge:
  – Appreciation of a system: understanding the overall processes involving enterprise stakeholders;
  – Knowledge of variation: the range and causes of variation in quality, and use of statistical sampling in measurements;
  – Theory of knowledge: the concepts explaining knowledge and the limits of what can be known;
  – Knowledge of psychology: concepts of human nature.


tqm applied to strategic information management

• One need not be eminent in any part nor in all four parts in order to understand it and to apply the System of Profound Knowledge.

• The 14 points for management in industry, education, and government follow naturally as application of this outside knowledge, for transformation from the present style of … [information] management to one of optimization.


14 principles - one

• Create constancy of purpose
  – Find the strategic connections for the information held by the enterprise.
  – Work toward management of the information in a consistent manner.
  – Replace short-term goal creation with long-term goal planning


14 principles - two

• Adopt the new philosophy
  – Internal leadership must recognize the value of treating and using the information in the enterprise as a critical asset.
  – Ensure that the policies adopted at the top provide for effective and understandable implementation throughout the workforce.
  – Leadership must lead the change.


14 principles - three

• Cease dependence on audits to ensure compliance
  – Incorporate the management goals into the processes that handle the information.
  – Focus on information flow and not information stop-points
  – Understand the uses of information across the enterprise.


14 principles - four

• End the practice of using cost, expense, or price to determine benefit
  – Recognize the return on the investment of managing information across the entire enterprise.
  – Accept that short-term savings equal long-term costs.
  – Factor in value to determine benefit.


14 principles - five

• Improve constantly and forever
  – Continuously improve the processes underlying the management of the information in the enterprise.
  – Institute a change management structure to ensure implementation across the enterprise.
  – Integrate the management procedures with the operational needs of the enterprise.
  – Reduce variation in the management


14 principles - six

• Institute constant training for the entire workforce
  – Ensure that all parts of the workforce understand and comprehend the strategic model for the management of information in the enterprise.
  – Do not limit training to periodic episodes, but integrate as part of change management and risk controls.


14 principles - seven

• Institute leadership
  – The leadership of the enterprise must embrace a culture of strategic information management
  – The aim of enterprise leadership should be to help the workforce embed the concepts of strategic information management into the business model.


14 principles - eight

• Drive out fear
  – Apprehension of punishment should not be the incentive to ensure compliance or proper handling of the information in the enterprise.
  – Recognition of the incorporation of core competencies into workforce processes.
  – Problems represent failures in leadership – training and processes should be examined.


14 principles - nine

• Break down barriers
  – Nothing can be accomplished until the components of the enterprise relinquish ownership control.
  – Focus on the stewardship of information for the enterprise.
  – Incorporate all components in the decision-making process.


14 principles - ten

• Eliminate slogans and targets
  – Recognize that leadership and the building of a core competency within the enterprise drives the minimization of risk and control of cost.
  – Facilitate improvement; do not create adversarial relationships between management and workers; departments; or business and customers


14 principles - eleven

• Eliminate management by objective
  – Strategic implementation goes beyond the tactical deployment of independent processes.
  – Remove focus on standards, substitute leadership and the integration of priorities of the entire enterprise.
  – Do not assume past goals represent current objectives.


14 principles - twelve

• Remove barriers to pride in achievement
  – Provide opportunity to acknowledge the accomplishments of the entire enterprise in the handling of information.
  – Target investment to assist, not just reward, achievements that enhance the underlying processes by building the link between the information assets and change management.


14 principles - thirteen

• Institute a vigorous program of education and self-improvement
  – Go beyond training, but provide for an understanding of the criticality of information to the enterprise.
  – Provide for cross-functional learning to enhance understanding of needs and uses of information throughout the enterprise.


14 principles - fourteen

• Put everyone in the enterprise to work to accomplish the transformation
  – Building of an enterprise core competency requires that all levels and functions of the enterprise work together toward the implementation.
  – Leadership from all is required to instill the courage to break with tradition.


impediments

What must be overcome for Strategic Information Management?


seven wastes (7 deadly sins)

• Lack of constancy of purpose.
• Emphasis on short-term gains.
• Evaluation by performance or audit on periodic basis.
• Mobility of management.
• Running an enterprise on visible figures alone.
• Excessive security costs.
• Excessive costs of management, fueled by inconsistency in global regulatory structure.


a lesser category of obstacles

• Neglecting long-range planning.
• Relying on technology to solve problems.
• Seeking examples to follow rather than developing solutions.
• Excuses, such as "Our problems are different."


conclusion

Where do we go from here?


strategic information management in practice

• Strategic management of information across the enterprise not only addresses the need to minimize the risk to the enterprise but, by establishing all the information as an enterprise resource, also introduces effective efficiencies into the decision-making processes, enhancing the return on the investment in information.


contact information

• Kenneth P. Mortensen, Esq.
• Email: [email protected]
• Phone: (202) 441-0204
• Web: www.kenmortensen.com
• Presentation: www.strategicinfomgmt.com


resources

• Bruening, Sotto, Abrams, & Cate, Strategic Information Management, 7 Privacy & Security L. Rep. 1361 (September 15, 2008)

• W. Edwards Deming, Out of Crisis (1986).

• W. Edwards Deming, The New Economics for Industry, Government, Education (1993).

• Mary Walton, The Deming Management Method (1986).

• Edward Baker, Scoring a Whole in One: People in Enterprise Playing in Concert (1999).