Finnish Risk Management Association member event



Transcript:

IBM
Finnish Risk Management Association member event
Managing business IT risks, and IT in support of risk management
IBM Corporation, 29.1.2009. Copyright IBM Corporation 2009

AGENDA
14:00 Seminar opening, Timo Haavisto
14:05 ICT risks to the business, Riku Lindfors
14:35 Case study - Operational risks management & continuity, Pekka Leppänen
14:55 Information Security, Ville Suonurmi
15:10 Coffee break
15:40 ICT in support of risk management, Juha Teljo
16:10 Risk management system, Case Skanska, Teemu Lehto / Antti Leino
16:40 Roundtable, summary of the day's themes, Mikko Routti
17:10 Close of the event
17:15 Networking and light refreshments


Good governance reduces and reveals the risks
[Diagram labels: Business Strategy (Mission, Vision, Strategy); IT Board; IT Strategy (Investments, Policies, Guidelines); Business IT; Business Relationship; CIO Office (Controlling, Risk mgmt); IT Architecture (Architecture Decisions); Business Requirements; Service Level Agreements; Controlling - Cost & benefits, risk mgmt; Programs - Project portfolio mgmt; IT Operational processes (Maintenance & Development); Vendor Mgmt (Contracts, Outsourcing); Change Mgmt (Transformation, training & education); Vendors; Solutions]

Risk of the process commonality
[Figure: the IT governance diagram of the preceding slide, with a chart. Chart labels: High Business Value; Agility & Effectiveness; Low Process Commonality; Medium Process Commonality; High Process Commonality; Breakeven point; Flexibility; Low; Low Harmonization; Complexity and Risk; High]

Reducing the risk by componentization
Business Component: Business Purpose, Activities, Capabilities, People, Technology
Business Services: Processes call necessary business services to provide activities for the process workflow as agreed in the Service Level Agreement (SLA).
[Diagram labels: Process A; SLA; Process B]
Service Level Agreements help manage risks

Reduce the risk by understanding the as-is and planning the future roadmap for to-be
[Figure: map of business components arranged in Direct, Control and Execute rows. Legends: Improvement potential from Service Enabling Assessment (Small, Medium, Large); Criticality of Business Components Assessment (S Small, M Medium, L Large). Copyright IBM Corporation 2006]

Reducing the risk by complementary views
[Diagram labels: Business; IT; Componentization; Master Data; Process harmonization; Common IT Architecture; Services]
Business Componentization and/or Process harmonization makes it possible to utilize the common IT architecture and by definition adds value for the business.

IBM Global Business Services
Where is the vendor & sourcing risk?
[Diagram labels: Becoming integrated; Strategic Transformation; Operational Transformation; IT Infrastructure Transformation; Strategy; linkage; linkage; Business Processes & People; Enabling Technology & IT Infrastructure]
Partnering and deep understanding about your business reduces the risk!
The Global CFO Study 2008

Transparent view of all IT Initiatives reduces risk
All business initiatives are fighting for the same pool of money and resources of an Enterprise; therefore it is necessary to conduct Business Initiative Decisions: from all the candidate initiatives, which ones should we expose?
- Not all candidate initiatives should be exposed.
- Every implemented initiative has costs and risks.
- Business Initiative Test helps make exposure decisions.
BIT: Does the business initiative provide a required unit of business functionality that supports business processes and goals?
[Diagram labels: Initiative; Business Alignment; Cost; Benefit; Risk; BIT; Initiatives (Exposed); Business Goals; Candidate Initiatives; S0, S1, S2, S3]
Buying hardware is different from complex business process re-engineering projects.

Do you manage Business case and Change mgmt jointly with your vendor?
[Chart: Business Performance over Time, marked Current, Actual and Go-live. Annotations: "Instant step improvement as promised in the project business case"; "Change management focuses on sustaining performance by minimizing the initial drop and accelerating the learning curve"]


Operational risk management and ensuring business continuity
Three perspectives:
1. Projects
2. Transition to production
3. Continuous production

On project risk management
Unknown risks:
- active search for risks
Known and identified risks:
- analysis
- determining the weighted monetary value
- assessing the schedule impact
- mitigation plan
- follow-up
[Figure: risk matrix. Axes: Probability of Adverse Outcome; Consequence of Adverse Outcome. Scale: LOW 1 - <1.5; MEDIUM 1.5 - <2.5; MOD. 2.5 - <3.5; SIGNIFICANT 3.5 - <4.5; HIGH 4.5 - 5]
Effective risk management also requires the project steering group to be able to make decisions: additional work, additional time, functionality.

On project risk management

Project risks: description and mitigation (1/2)

EXECUTIVE RISK
Lack of executive support often results in the perception that the project is not of high priority. Hence, the organization's desire to support the effort disintegrates in terms of resource commitment, effective decision-making, etc.
Risk Mitigation Recommendations:
- Conduct stakeholder analysis to understand critical success factors (CSFs) of the project, and use CSFs as key performance indicators to measure project success
- Conduct Executive seminars as an early part of Project mobilization to explain impact, role and expectations for the group
- Require executive involvement in all stages of the project and in all significant functional and technical decisions which may impact the overall project service delivery model and/or the project timeline and budget
- Institute formal and regular communication of status from the project team to the executive group
- Attain executive commitment to participate in project communications to the company
- Schedule 1 on 1 briefings between the Project leader and CEO on a monthly basis

FUNCTIONAL RISK
Functional risks stem from ambiguous definition of business processes and requirements. Lack of early and ongoing user involvement often results in a system that does not adequately meet user needs and/or expectations.
Risk Mitigation Recommendations:
- Obtain up-front agreement and acceptance of project charter and scope from business user community
- Verify that requirements are properly defined in terms of alignment to key business processes and definition of specific need; each requirement should address a single need; compound requirements usually generate scope ambiguity
- Engage business users throughout the project lifecycle to set scope, validate system processes and configuration through prototyping and secure early buy-in to the overall system design
- Incorporate formal user review checkpoints throughout the project lifecycle
- Leverage average value chain with known industry specific ERP supported processes

ORGANIZATIONAL RISK
An organization must be ready, willing and able to accept a new system. Lack of appropriate training and minimal communications often result in a system that is not accepted and/or used.
Risk Mitigation Recommendations:
- Conduct a change readiness study early in the project; define communications strategy based on results of workshop
- Establish two-way communications plan with business user community; end-user feedback is critical to delivering a quality product that will be accepted
- Utilize communications methods which are familiar and accepted by the audience and keep users informed of forthcoming changes
- Conduct walkthroughs with users at key points to provide information on ERP Package
- Analyze audience to be trained on the new system and define targeted training program focused on system: System fundamentals (logging in/logging out, panel navigation); System functionality (process, functions, features); Hands-on exercises and Help Facilities
- Define pragmatic post-production support strategy; this may include refresher or reinforcement end-user training

Project risks: description and mitigation (2/2)

TECHNICAL RISK
An unstable technical environment can result in poor system performance as well as reduced data integrity and control. Ultimately, usage of the system will deteriorate if the environment is not reliable.
Risk Mitigation Recommendations:
- Verify hardware and software are compatible with The GAP's existing IT architecture
- Conduct technical environment sizing early on in project, taking into consideration growth patterns; conduct interim volume/performance tests to ensure that the architecture is sufficient
- Focus on the data conversion early, starting with the conversion strategy in the Assess phase to define scope, conversion approach, timing, and other items. Conduct at least three to four data conversion subsystem tests prior to actual production cutover
- Define application release and patch integration strategy during Assess Phase of the project
- Define security and audit controls during the Assess and Design Phase of the project and test thoroughly during the system test stage
- Define and test backup/recovery procedures and define a sound disaster recovery plan

RESOURCE RISK
Resource dedication to the project significantly improves the probability of success. A team with less than desirable skills and limited dedication cannot be high performing, thus jeopardizing project timelines and the overall quality of the system.
Risk Mitigation Recommendations:
- Identify competing priorities early and make realistic planning assumptions regarding resources
- Define required skill sets for the project, identify candidates and define/execute core project team training
- Determine timeline impacts and resource availability early on in the project
- Define overall project budget and monitor throughout the project
- Monitor missed milestones and adjust resources accordingly
- Develop a retention plan for the client's project team members
- Assess consulting team has experienced, proven resources in key roles
- Assess industry specific knowledge is available to all teams

PROJECT RISK
A project that is poorly planned will also be poorly executed. Lack of up-front planning and inadequate project controls can lead to runaway scope, missed activities, poor quality deliverables, and a less than desirable end product.
Risk Mitigation Recommendations:
- Establish project scope at the requirements level early in the project
- Maintain constant vigilance over scope via a structured change control process
- Employ a proven methodology with the appropriate activities, tools and templates to ensure consistency and high quality deliverables
- Conduct detailed project planning during each phase of the project (e.g. Assess, Design, Build, Implementation) to manage tasks, resources and critical path
- Implement a formal issue resolution process to effectively document and track issues and their resolutions
- Conduct regular project status meetings to review progress and issues at the project team, project management and executive level
- Earned Value basis, detailed WBS and action focused reporting against plan

Transition to production / moving from one project phase to the next
[Diagram labels: Project Preparation Blueprint Protocycling and Development Testing Dry Run Cutover Training Cutover Go-Live; Gate Reviews]

Continuous production
Setting standards:
- Change Management
- Release Management
- Configuration Management
- Asset Management
- Incident Management
- Problem Management
- Service Level Management
- Security Management
- Availability Management
- Compliance management
Self-assessment; friendly audit; audit


IBM
Information Security: Federated Identity management
Identity Management, as a business process, for cross-enterprise collaboration
Ville Suonurmi, IBM, Software Group, ville.suonurmi@fi.ibm.com

Cross-enterprise collaboration
- Partnerships
- Outsourcing
- Customers
- Independent BUs, e.g. from Mergers & Acquisitions

How to provide employees, partners and customers with controlled access to infrastructure and applications?
- No standards to trust identities from other organizations
- Replication of account information
- Costly/Inefficient Account Management
- Security Audit concerns, compliance and privacy exposures

Federated identity management
Set of business and technical agreements and policies:
- lower overall identity management costs
- improve user experience
- mitigate security risks

Federation Agreement Framework
Forms part of the legal framework which governs the federation and helps parties determine the scope of the risk being taken.
Source: IBM/Burton Research, Ping Identity Research

Next: Coffee break

Federation Agreement Framework: Technical considerations
- Technical Standards, Version: Members of a private federation must agree on a set of technical Standards (WS*, Liberty, SAML) and specifications (VPN, SSL) that will be used
- Certificate Technology: Specify Certificate/credentialing approaches for the federation, Certificate authorities to use, management rules for public and private keys: timeframes, refresh rules, Lifecycle rules for keys and credentials, and required certificate practice statement
- Authentication Technology: Types of authentication usable in this federation; password policy, key strength, approved vendors, applicable levels of assurance, mapping authentication technologies against levels of assurance
- Attributes and Data Maps: Defines specific types of attributes which might be associated with a user; applicable attributes, required attributes, metadata or schema/namespace for attributes
- Logging: Logs may be used for research, investigations, and compliance; logging storage, logging content, logging format

Federation Agreement Framework: Business considerations
- Minimum Requirements: Should the federation impose minimum participation requirements or certification? If certification is required, who will perform this: Self, Internal, External, Certification group, etc.
- Access Policy Management: Defines acceptable access; policy management attribute and criteria standards - roles, handling of errors, language for defining policies
- Privacy Legislation: Specify privacy policies along with a compliance body (i.e. HIPAA) or technical requirements; Liberty PPEL, WS-Privacy\Policy, XACML
- Compliance Regulatory and Policy: A method for compliance checking and processes in the event of non-compliance, specifying who performs the checking, how often, procedures in non-compliance, and effect on risk and liability
- Risk and Liability: Intended to limit liabilities passed between federation participants in the event of fraud or error; i.e. Pre-set amount, capped, out-of-pocket expense, etc.
- Terms in a Liability Swing: In a breach, identity theft, or errors and omissions in processing, it may be appropriate for some losses to be allocated to one participant in the identity exchange (i.e. one party does not meet the minimum standards, deficient authentication, etc.)


IBM
Monitoring and analysis in anticipating changes in operations
Juha Teljo, Director, Business Intelligence and Performance Management

Holistic view
[Figure: the IT governance diagram shown earlier under "Good governance", with the same labels]

What is the cost of a bad decision?
Why do people make bad decisions?

Key Challenge is Unlocking the Value of Information
- 52% of users don't have confidence in their information [1]
- 59% of managers miss information they should have used [2]
- 42% of managers use wrong information at least once a week [2]
[1] AIIM 2008 Survey
[2] Accenture 2007 Managers Survey

A Multitude of Information Projects
Each successful in its own right, but limited speed and flexibility

Large Global Bank
- 5 data warehouse projects in 5 years
- Large customer call center deployment
- Reengineered CIF System
- Millions invested
"I still can't sleep at night; I don't have a real time and accurate view into my risk posture" - Chief Risk Officer
"I still can't tell you who our most profitable customers are, let alone serve them well across my channels" - Chief Information Officer

Multi-channel Apparel Retailer
- 3 brick & mortar and 1 web channel
- Multiple customer loyalty systems
- Multiple call centers
- 1 credit card

Optimizing Performance
[Diagram labels: Performance; Decision Making; Information; Data]

TODAY'S PERFORMANCE MANAGEMENT SYSTEMS
- Designed in 1930's when market volatility was low
- When companies could ship everything they produced
Management practices:
- Detailed, top-down annual budgets
- Infrequent forecasts
- Not linked to business drivers nor operational plans
- Not linked to strategic objectives
- Not linked to market events

SPEED AND VARIABILITY ARE INCREASING
Results:
- Resources not optimized
- Long time delays
- Missed revenue and profit opportunities

Three Questions that Drive Performance
- How are we doing?
- Why?
- What should we be doing?


Three Questions that Drive Performance
How are we doing? Why? What should we be doing?
[Diagram labels: Finance; Marketing; Product Development; Sales; Operations; Customer Service; IT; HR]

How Answers are Often Found
[Diagram labels: CMO; MARKETING; How are we doing? Why? What should we be doing?; CRM; TBS/DLB; HR; ERP; RETAIL; INTERNAL DATA; EXTERNAL DATA; AC NEILSON]

How Do We Create Information Agility?
Create an Information Agenda for Your Organization
- Current State: Information Intensive Projects. Highly justified projects
- Desired State: Flexibility & Speed. Sustained competitive advantage
Information Based Enterprise: an enterprise with an Information agenda, which transforms information into a trusted strategic asset that can be rapidly leveraged across applications, processes and decisions for sustained competitive advantage
You can lead the transformation starting with your current project. IBM helps you accelerate the journey

Becoming an Information Based Enterprise...
Information Agenda: The 5th entry point of Information On Demand
Creating an information agenda helps transform information into a trusted strategic asset that can be rapidly leveraged across applications, processes and decisions for sustained competitive advantage.
- Current State: Information Intensive Projects (highly justified projects)
- Desired State: Flexibility & Speed (sustained competitive advantage)

Becoming an Information Based Enterprise...
- Establish an information driven strategy & objectives to enable business priorities
- Discover & design trusted information with unified tools and expertise to sustain competitive advantage over time
- Accelerate information intensive projects aligned with the strategy to speed both short and long-term returns on investment
- Deploy open and agile technology and leverage existing information assets for speed and flexibility

Business Process Management is an operating model
BPM solves common business challenges...
It helps when developing operations where:
- Processes are undocumented
- Processes have bottlenecks
- Transparency into operations is lacking
- Coordination between different processes is complicated
- Identifying changes is difficult
- Monitoring metrics are undefined
BPM includes: Integration, Modeling, Monitoring, Software, User interfaces, Rules engine, Process engine, Models, Process knowledge, Metrics, Operating models and expertise, Policies, Business logic, Methods
BPM governs organizational and operational activities

Business Activity Monitoring (BAM) monitoring tools
Real-time view into operations and processes
- Scorecards: key performance indicators (KPIs) for different functions
- Collaboration: team tools for problem solving
- Alerts: notifications of situations that require special attention
- Reports and analyses: comparing real-time data with history helps interpret what is happening
- Linking external information: information that affects your own operations can be brought into the same view
WebSphere Business Monitor

AGENDA
14:00 Seminar opening, Timo Haavisto
14:05 ICT risks to business, Riku Lindfors
14:35 Case study - Operational risks management & continuity, Pekka Leppänen
14:55 Information Security, Ville Suonurmi
15:10 Coffee break
15:40 ICT in support of risk management, Juha Teljo
16:10 Risk management system, Case Skanska, Teemu Lehto / Antti Leino
16:40 Roundtable, summary of the day's themes, Mikko Routti
17:10 Close of the event
17:15 Networking and light refreshments


Contact: Timo Haavisto, timo.haavisto@fi.ibm.com, 050 311 2595