
05 July 2025

🤖〽️Prompt Engineering: Copilot Unabridged (Part 42: How AI Can Help in Understanding Complex Systems)

Prompt Engineering Series

Prompt: "write a blogpost of 600 words on how AI can help in understanding complex systems"

Introduction

Artificial Intelligence (AI) is revolutionizing the way we analyze and interpret complex systems - from financial markets to biological ecosystems. These systems consist of interconnected components that interact in unpredictable ways, making them difficult to understand using traditional methods. AI’s ability to process vast amounts of data, recognize patterns, and simulate scenarios makes it an invaluable tool for deciphering complexity.

1. AI’s Role in Analyzing Complex Systems

Complex systems exist in various domains, including finance, healthcare, transportation, and environmental science. AI enhances our understanding by:

  • Identifying hidden patterns in large datasets.
  • Predicting system behavior based on historical trends.
  • Simulating different scenarios to assess potential outcomes.

For example, AI can analyze financial markets to predict economic trends or optimize traffic systems to reduce congestion.

2. AI in Explainable Models for Complex Systems

One challenge in understanding complex systems is the black-box nature of AI models. Explainable AI (XAI) helps by:

  • Clarifying AI decision-making processes, making them more transparent.
  • Providing interpretable insights, ensuring users understand AI-generated conclusions.
  • Enhancing trust in AI-driven predictions, especially in critical sectors like healthcare and finance.

By making AI more explainable, researchers and policymakers can verify and refine AI-driven insights.

3. AI in Scientific Research and Discovery

AI accelerates scientific discovery by analyzing complex biological, chemical, and physical systems. Some applications include:

  • AI-driven drug discovery, identifying potential treatments faster.
  • Climate modeling, predicting environmental changes with greater accuracy.
  • Genomic analysis, uncovering genetic patterns linked to diseases.

AI’s ability to process massive datasets enables breakthroughs in fields that rely on complex system analysis.

4. AI in Decision-Making and Policy Development

Governments and organizations use AI to navigate complex policy decisions by:

  • Assessing economic impacts of policy changes.
  • Optimizing resource allocation in healthcare and infrastructure.
  • Enhancing cybersecurity, detecting threats in interconnected digital systems.

AI-driven insights help policymakers make informed decisions in dynamic environments.

Conclusion: AI as a Key to Understanding Complexity

AI’s ability to analyze, explain, and predict complex systems makes it an essential tool for scientific research, policy development, and industry innovation. By leveraging AI, humanity can better understand and manage intricate systems, leading to smarter decisions and groundbreaking discoveries.

Disclaimer: The whole text was generated by Copilot at the first attempt. This is just an experiment to evaluate the feature's ability to answer standard general questions, independently of whether they are correctly or incorrectly posed. Moreover, the answers may reflect hallucinations and other types of inconsistent or incorrect reasoning.


04 July 2025

🤖〽️Prompt Engineering: Copilot Unabridged (Part 41: How AI Can Play Devil’s Advocate - Challenging Assumptions and Expanding Perspectives)

Prompt Engineering Series

Prompt: "write a blogpost of 600 words on how AI can play devil's advocate"

Introduction

Artificial Intelligence (AI) is often seen as a tool for efficiency, automation, and problem-solving. However, one of its most intriguing capabilities is its ability to play devil’s advocate - challenging assumptions, questioning biases, and presenting alternative viewpoints. By acting as a skeptical counterbalance, AI can help individuals and organizations think critically, refine arguments, and explore diverse perspectives.

1. What Does It Mean to Play Devil’s Advocate?

Playing devil’s advocate means arguing against a prevailing opinion or assumption, even if one does not personally agree with the opposing stance. This approach is valuable in:

  • Debates and discussions, where opposing viewpoints strengthen arguments.
  • Decision-making, ensuring all possibilities are considered.
  • Problem-solving, where unconventional perspectives lead to innovative solutions.

AI, with its ability to analyze vast amounts of data and generate counterarguments, is uniquely positioned to take on this role.

2. How AI Challenges Confirmation Bias

One of AI’s most important functions as a devil’s advocate is breaking the confirmation bias loop - the tendency for people to seek out information that supports their existing beliefs while ignoring contradictory evidence. AI can:

  • Identify logical inconsistencies in arguments.
  • Present alternative viewpoints, even if they challenge popular opinions.
  • Encourage critical thinking by questioning assumptions.

By disrupting confirmation bias, AI helps individuals and organizations make more informed and balanced decisions.

3. AI in Decision-Making and Policy Development

AI-driven devil’s advocacy is particularly useful in policy-making, business strategy, and ethical debates. Some applications include:

  • Corporate decision-making: AI can highlight risks and alternative strategies before executives finalize plans.
  • Legal and ethical discussions: AI can present opposing viewpoints in debates about regulations and governance.
  • Scientific research: AI can challenge hypotheses, ensuring rigorous testing and validation.

By forcing individuals to consider alternative perspectives, AI enhances objectivity and rational decision-making.

4. AI’s Role in Amplifying Minority Voices

AI can also serve as a mediator for underrepresented perspectives, ensuring that minority viewpoints are heard in group discussions. AI-driven devil’s advocate systems:

  • Reduce social influence biases, preventing dominant voices from overshadowing others.
  • Encourage diverse perspectives, fostering more inclusive decision-making.
  • Improve psychological safety, allowing individuals to express dissenting opinions anonymously.

This approach ensures that critical discussions remain balanced and representative.

5. The Challenges of AI as a Devil’s Advocate

While AI can challenge assumptions, it also faces limitations:

  • AI models may reinforce biases if trained on skewed data.
  • AI lacks true human intuition, making some counterarguments overly rigid.
  • AI’s responses depend on prompts, requiring careful input to generate meaningful opposition.

To maximize AI’s effectiveness as a devil’s advocate, developers must ensure diverse training data and refine AI’s ability to engage in nuanced discussions.

Conclusion: AI as a Catalyst for Critical Thinking

AI’s ability to challenge assumptions, disrupt biases, and amplify diverse perspectives makes it a powerful tool for critical thinking and informed decision-making. By playing devil’s advocate, AI helps individuals and organizations refine arguments, explore alternative viewpoints, and make more balanced choices.

Disclaimer: The whole text was generated by Copilot at the first attempt. This is just an experiment to evaluate the feature's ability to answer standard general questions, independently of whether they are correctly or incorrectly posed. Moreover, the answers may reflect hallucinations and other types of inconsistent or incorrect reasoning.


02 July 2025

🤖〽️Prompt Engineering: Copilot Unabridged (Part 39: How Fast Does Humanity Move in Enforcing Policies to Cope with AI’s Rapid Growth?)

Prompt Engineering Series

Introduction

Artificial Intelligence (AI) is evolving at an unprecedented pace, reshaping industries, governance, and daily life. However, the speed at which AI advances often outpaces policy enforcement, leaving governments and institutions struggling to regulate its impact effectively. While AI’s rapid development demands swift policy responses, humanity’s ability to enforce regulations remains slow and fragmented due to bureaucratic hurdles, ethical dilemmas, and global inconsistencies.

1. The Lag Between AI Innovation and Policy Enforcement

AI’s growth is exponential, but policy enforcement follows a linear and bureaucratic process. Some key reasons for this lag include:

  • Complex legislative procedures: Governments require extensive debates, approvals, and revisions before implementing AI regulations.
  • Ethical uncertainties: Policymakers struggle to define AI’s ethical boundaries, delaying enforcement.
  • Corporate resistance: Tech companies often lobby against strict AI regulations, slowing policy adoption.

This delay creates a regulatory gap, where AI evolves faster than laws can govern its use.

2. Global AI Policy Enforcement: A Fragmented Approach

Different countries enforce AI policies at varying speeds, leading to inconsistent regulations worldwide. Some examples include:

  • The European Union (EU): The EU AI Act is one of the most comprehensive AI regulations, but its enforcement is slow due to legal complexities.
  • The United States: AI policy enforcement is largely decentralized, with states implementing different regulations.
  • China: AI governance is strict, but enforcement focuses on state control rather than ethical concerns.

This fragmented approach makes global AI regulation difficult, as different regions prioritize different aspects of AI governance.

3. The Challenges of AI Policy Enforcement

Even when AI policies are established, enforcement faces several challenges:

  • Lack of technical expertise: Policymakers often lack AI knowledge, making enforcement ineffective.
  • Corporate non-compliance: Companies may bypass regulations through loopholes or offshore operations.
  • Slow adaptation to AI advancements: Policies become outdated quickly as AI evolves.

Without continuous policy updates, AI enforcement remains inefficient and reactive rather than proactive.

4. The Need for Dynamic AI Regulations

To cope with AI’s fast pace, experts propose dynamic AI regulations, where policies evolve alongside technological advancements. Some solutions include:

  • AI governance frameworks that adapt to new AI developments.
  • International AI cooperation to create unified global standards.
  • Automated AI auditing systems to monitor compliance in real time.

By implementing flexible and adaptive policies, humanity can keep pace with AI’s rapid growth.

Conclusion: Humanity Must Accelerate AI Policy Enforcement

While AI evolves rapidly, policy enforcement remains slow and fragmented, creating regulatory gaps that could lead to ethical and security risks. Governments, businesses, and researchers must accelerate AI policy development, ensuring regulations keep pace with technological advancements. Without proactive enforcement, AI’s impact on society could become unmanageable, making responsible AI governance more urgent than ever.

Disclaimer: The whole text was generated by Copilot at the first attempt. This is just an experiment to evaluate the feature's ability to answer standard general questions, independently of whether they are correctly or incorrectly posed. Moreover, the answers may reflect hallucinations and other types of inconsistent or incorrect reasoning.


01 July 2025

🤖〽️Prompt Engineering: Copilot Unabridged (Part 38: The Growing Backlog of AI Policies - How Much Needs to Be Done?)

Prompt Engineering Series

Prompt: "write a blogpost of 600 words on how big is the backlog of policies that need to be made" because of AI

Introduction

Artificial Intelligence (AI) is advancing at an unprecedented pace, reshaping industries, governance, and daily life. However, the rapid evolution of AI has outpaced regulatory frameworks, leaving governments, businesses, and institutions struggling to catch up with necessary policies. The backlog of AI-related policies is substantial, covering areas such as ethics, security, employment, privacy, and accountability.

1. The Urgent Need for AI Governance

AI’s widespread adoption has created legal and ethical gaps that require immediate policy intervention. Some of the most pressing areas include:

  • AI bias and fairness: Policies must ensure AI systems do not reinforce discrimination.
  • Data privacy and security: AI-driven data collection raises concerns about surveillance and personal privacy.
  • AI accountability: Governments must define who is responsible when AI makes errors or unethical decisions.
  • AI in employment: Regulations must address job displacement and workforce adaptation.

Without clear policies, AI’s impact on society could become unpredictable and potentially harmful.

2. The Backlog of AI Policies Across Industries

Different sectors require specific AI regulations, but many industries are lagging behind in policy development. Some examples include:

  • Healthcare: AI-powered diagnostics and treatment recommendations need strict oversight to prevent errors.
  • Finance: AI-driven trading algorithms require regulations to prevent market manipulation.
  • Education: AI-powered learning tools must be monitored to ensure ethical use and prevent misinformation.
  • Law enforcement: AI surveillance and facial recognition technologies raise concerns about civil liberties.

Governments and institutions must accelerate policy development to keep up with AI’s rapid integration into these fields.

3. Global AI Policy Challenges

AI regulation is not uniform across countries, leading to conflicting policies and enforcement difficulties. Some challenges include:

  • Different AI ethics standards: Countries have varying perspectives on AI’s role in governance and security.
  • Cross-border AI regulations: AI-driven cyber threats and misinformation require international cooperation.
  • Corporate AI policies: Businesses must align AI governance with global standards to ensure compliance.

The backlog of AI policies is not just national - it’s global, requiring collaboration between governments, corporations, and researchers.

4. The Role of AI Policy Frameworks

Organizations and governments are working to develop AI policy frameworks, but progress is slow. Some key initiatives include:

  • The EU AI Act, which aims to regulate AI applications based on risk levels.
  • ISO 42001, an AI management system standard for responsible AI governance.
  • Corporate AI policies, guiding ethical AI use within businesses.

Despite these efforts, the backlog of AI policies remains significant, requiring faster implementation and enforcement.

Conclusion: AI Policy Development Must Accelerate

The backlog of AI policies is large and growing, covering ethics, security, employment, privacy, and accountability. Governments, businesses, and institutions must prioritize AI governance, ensuring regulations keep pace with technological advancements. Without proactive policy development, AI’s impact on society could become unmanageable, making responsible AI regulation more urgent than ever.

Disclaimer: The whole text was generated by Copilot at the first attempt. This is just an experiment to evaluate the feature's ability to answer standard general questions, independently of whether they are correctly or incorrectly posed. Moreover, the answers may reflect hallucinations and other types of inconsistent or incorrect reasoning.


04 June 2025

🤖〽️Prompt Engineering: Copilot Unabridged (Part 11: How the Danger of AI on Society Can Be Alleviated)

Prompt Engineering Series

Prompt: "write a blogpost of 600 words on how the danger of AI on society can be alleviated"

Introduction

Artificial Intelligence (AI) is rapidly transforming industries, improving efficiency, and driving innovation. However, as AI becomes more embedded in society, concerns about its risks grow. Issues such as bias, privacy invasion, job displacement, and security threats require proactive solutions. Rather than fearing AI’s expansion, society must focus on responsible development and regulation to alleviate potential dangers.

1. Implementing Ethical AI Frameworks

One of the most critical steps in reducing AI-related risks is the implementation of ethical guidelines. AI should be developed in ways that align with human values, fairness, and inclusivity. Strategies include:

  • Bias reduction: Ensuring AI models are trained on diverse and representative datasets to prevent discrimination.
  • Explainability: AI decisions must be transparent, allowing users to understand how conclusions are reached.
  • Accountability: Companies should audit AI systems regularly to detect ethical violations.

Establishing strong governance structures ensures AI remains a positive force rather than a tool for unchecked automation.

2. Strengthening Data Privacy Regulations

AI depends on vast amounts of data, raising concerns about misuse, surveillance, and privacy violations. Strengthening privacy laws ensures AI operates within ethical boundaries. Governments and organizations can:

  • Enforce data protection laws such as GDPR and CCPA to regulate AI-driven data collection.
  • Promote secure data storage to prevent breaches and cyberattacks.
  • Enhance consumer control over their personal information, allowing users to opt out of unnecessary AI-driven data tracking.

By prioritizing privacy and security, society can ensure AI is used ethically and responsibly.

3. Addressing AI-Driven Job Displacement

Automation powered by AI replaces human labor in various industries, creating concerns about mass unemployment and economic instability. Governments, businesses, and educational institutions must:

  • Invest in workforce reskilling to help displaced workers transition to AI-related roles.
  • Encourage AI augmentation rather than total automation - allowing AI to assist workers rather than replace them.
  • Develop policies that support AI-driven job creation while mitigating mass layoffs.

A balanced approach ensures that AI improves productivity without harming employment opportunities.

4. Regulating AI in Autonomous Systems

AI plays a key role in autonomous vehicles, robotics, and military applications, which can pose serious risks if improperly managed. To minimize dangers:

  • Governments must set strict regulations for self-driving technology to prevent accidents.
  • AI-powered weaponry should be internationally regulated to prevent autonomous conflicts.
  • AI-driven healthcare tools must be monitored by professionals to avoid errors in medical diagnostics.

Regulating AI applications in critical sectors prevents unintended harm to society.

5. Combating AI-Generated Misinformation

AI-driven misinformation - such as deepfakes, AI-generated fake news, and manipulated social media content - can harm democracy and trust in digital spaces. Solutions include:

  • Developing AI fact-checking systems to detect and flag misleading information.
  • Educating the public on recognizing AI-generated fake content.
  • Enforcing platform accountability, requiring tech companies to monitor and moderate AI-driven misinformation.

AI’s potential for deception must be controlled to preserve trust in digital communication.

Conclusion: Shaping AI for a Safe Future

AI holds enormous potential, but without ethical development and responsible policies, it can become a threat rather than a benefit. By implementing fairness guidelines, regulating data usage, addressing job displacement, controlling autonomous AI, and combating misinformation, society can steer AI toward progress rather than chaos.

Disclaimer: The whole text was generated by Copilot at the first attempt. This is just an experiment to evaluate the feature's ability to answer standard general questions, independently of whether they are correctly or incorrectly posed. Moreover, the answers may reflect hallucinations and other types of inconsistent or incorrect reasoning.


29 April 2025

🏭🗒️Microsoft Fabric: Data Loss Prevention (DLP) in Purview [Notes]

Disclaimer: This is work in progress intended to consolidate information from various sources for learning purposes. For the latest information please consult the documentation (see the links below)! 

Last updated: 10-Jun-2025

[Microsoft Purview] Data Loss Prevention (DLP)
  • {def} the practice of protecting sensitive data to reduce the risk from oversharing [2]
    • implemented by defining and applying DLP policies [2]
  • {benefit} helps to protect sensitive information with policies that automatically detect, monitor, and control the sharing or movement of sensitive data [1]
    • administrators can customize rules to block, restrict, or alert when sensitive data is transferred to prevent accidental or malicious data leaks [1]
  • {concept} DLP policies
    • allow to monitor the activities users take on sensitive items and then take protective actions [2]
      • applies to sensitive items 
        • at rest
        • in transit [2]
        • in use [2]
      • created and maintained in the Microsoft Purview portal [2]
    • {scope} only supported for Power BI semantic models [1]
    • {action} show a pop-up policy tip to the user that warns that they might be trying to share a sensitive item inappropriately [2]
    • {action} block the sharing and, via a policy tip, allow the user to override the block and capture the users' justification [2]
    • {action} block the sharing without the override option [2]
    • {action} [data at rest] sensitive items can be locked and moved to a secure quarantine location [2]
    • {action} sensitive information won't be displayed 
      • e.g. Teams chat
  • DLP reports
    • provides data from monitoring policy matches and actions, to user activities [2]
      • used as basis for tuning policies and triage actions taken on sensitive items [2]
    • telemetry uses M365 audit logs and processes the data for the different reporting tools [2]
      • M365 provides visibility into risky user activities [2]
      • scans the audit logs for risky activities and runs them through a correlation engine to find activities that are occurring at a high volume [1]
        • no DLP policies are required [2]
  • {feature} detects sensitive items by using deep content analysis [2]
    • ⇐ not by just a simple text scan [2]
    • based on
      • keywords matching [2]
      • evaluation of regular expressions [2] 
      • internal function validation [2]
      • secondary data matches that are in proximity to the primary data match [2]
      • ML algorithms and other methods to detect content that matches DLP policies
    • all DLP monitored activities are recorded to the Microsoft 365 Audit log [2]
  • DLP lifecycle
    • {phase} plan for DLP
      • train and acclimate users to DLP practices on well-planned and tuned policies [2]
      • {recommendation} use policy tips to raise awareness with users before changing the policy status from simulation mode to more restrictive modes [2]
    • {phase} prepare for DLP
    • {phase} deploy policies in production
      • {action} define control objectives, and how they apply across workloads [2]
      • {action} draft a policy that embodies the objectives
      • {action} start with one workload at a time, or across all workloads - there's no impact yet
      • {feature} implement policies in simulation mode
        • {benefit} allows to evaluate the impact of controls
          • the actions defined in a policy aren't applied yet
        • {benefit} allows to monitor the outcomes of the policy and fine-tune it so that it meets the control objectives while ensuring it doesn't adversely or inadvertently impact valid user workflows and productivity [2]
          • e.g. adjusting the locations and people/places that are in or out of scope
          • e.g. tune the conditions that are used to determine if an item and what is being done with it matches the policy
          • e.g. the sensitive information definition/s
          • e.g. add new controls
          • e.g. add new people
          • e.g. add new restricted apps
          • e.g. add new restricted sites
        • {step} enable the control and tune policies [2]
          • policies take effect about an hour after being turned on [2]
      • {action} create DLP policy 
      • {action} deploy DLP policy 
  • DLP alerts 
    • alerts generated when a user performs an action that meets the criteria of a DLP policy [2]
      • there are incident reports configured to generate alerts [2]
      • {limitation} available in the alerts dashboard for 30 days [2]
    • DLP posts the alert for investigation in the DLP Alerts dashboard
    • {tool} DLP Alerts dashboard 
      • allows to view alerts, triage them, set investigation status, and track resolution
        • routed to Microsoft Defender portal 
        • {limitation} available for six months [2]
      • {constraint} administrative unit restricted admins see the DLP alerts for their administrative unit only [2]
  • {concept} egress activities (aka exfiltration)
    • {def} actions related to exiting or leaving a space, system or network [2]
  • {concept}[Microsoft Fabric] policy
    • when a DLP policy detects a supported item type containing sensitive information, the actions configured in the policy are triggered [3]
    • {feature} Activity explorer
      • allows viewing data from DLP for Fabric and Power BI
      • for accessing the data, user's account must be a member of any of the following roles or higher [3]
        • Compliance administrator
        • Security administrator
        • Compliance data administrator
        • Global Administrator 
          • {warning} a highly privileged role that should only be used in scenarios where a lesser privileged role can't be used [3]
        • {recommendation} use a role with the fewest permissions [3]
    • {warning} DLP evaluation workloads impact capacity consumption [3]
    • {action} define policy
      • in the data loss prevention section of the Microsoft Purview portal [3]
      • allows to specify 
        • conditions
          • e.g. sensitivity labels
        • sensitive info types that should be detected [3]
      • [semantic model] evaluated against DLP policies 
        • whenever one of the following events occurs:
          • publish
          • republish
          • on-demand refresh
          • scheduled refresh
        • the evaluation doesn't occur if either of the following is true
          • the initiator of the event is an account using service principal authentication [3]
          • the semantic model owner is a service principal [3]
      • [lakehouse] evaluated against DLP policies when the data within a lakehouse undergoes a change
        • e.g. getting new data, connecting a new source, adding or updating existing tables, etc. [3]
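
Added example (not from the cited Microsoft documentation, and not Purview's implementation): a minimal Python sketch of the layered detection noted above under "deep content analysis", where a regular-expression match is confirmed by checksum validation and then graded by supporting keywords found in proximity. The keyword list, the 300-character window and the confidence labels are assumptions for illustration; the sample strings are constructed.

```python
import re

# Primary pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Secondary evidence searched for near a primary match (assumed keyword list,
# matched as plain substrings of the lower-cased text).
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "expiry", "cvv")

# Characters inspected on either side of the primary match (assumed window).
PROXIMITY = 300

# Constructed sample inputs.
SAMPLE_WITH_CONTEXT = "Please charge my credit card 4111 1111 1111 1111, expiry 12/27."
SAMPLE_NO_CONTEXT = "Batch ref 5500-0000-0000-0004 processed overnight."
SAMPLE_ORDER_ID = "Order 1234567890123456 shipped."


def luhn_valid(digits: str) -> bool:
    """Function validation step: Luhn checksum over a string of digits.

    A plain text scan would flag any 16-digit run; the checksum discards
    most order numbers and identifiers that merely look like card numbers.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[dict]:
    """Return one finding per checksum-valid candidate in the text.

    Confidence is 'high' when a supporting keyword sits within PROXIMITY
    characters of the match, otherwise 'low'. Only a masked value is
    returned so the finding itself does not carry the sensitive data.
    """
    findings = []
    lowered = text.lower()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue
        window = lowered[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        evidence = [k for k in KEYWORDS if k in window]
        findings.append({
            "masked": "*" * (len(digits) - 4) + digits[-4:],
            "offset": m.start(),
            "confidence": "high" if evidence else "low",
            "evidence": evidence,
        })
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_CONTEXT, SAMPLE_NO_CONTEXT, SAMPLE_ORDER_ID):
        print(sample, "->", find_card_numbers(sample))
```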

References:
[1] Microsoft Learn (2025) Learn about data loss prevention [link]
[2] Microsoft Learn (2024) Purview: Learn about data loss prevention [link]
[3] Microsoft Learn (2025) Get started with Data loss prevention policies for Fabric and Power BI [link]

Resources:
[R1] Microsoft Fabric Updates Blog (2024) Secure Your Data from Day One: Best Practices for Success with Purview Data Loss Prevention (DLP) Policies in Microsoft Fabric [link]

Acronyms:
DLP - Data Loss Prevention
M365 - Microsoft 365

06 February 2025

🌌🏭KQL Reloaded: First Steps (Part V: Database Metadata)

When working with a new data repository, one of the first things to do is to look at the database's metadata, when available, and try to get a bird's-eye view of what's available: how big the databases are in terms of size, tables and user-defined objects, how the schema was defined, how the data are stored, eventually how often backups are taken, which users have access and to what, etc.

So, after creating some queries in KQL and figuring out how things work, I tried to check what metadata are available, how they can be accessed, etc. The target is not to provide a full list of the available metadata, but to understand what information is available, in what format, how easy it is to extract the important metadata, etc.

So, the first set of metadata is related to the database:

// get database metadata
.show databases (ContosoSales)

// get database metadata (multiple databases)
.show databases (ContosoSales, Samples)

// get database schema metadata
.show databases (ContosoSales) schema

// get database schema metadata (multiple databases) 
.show databases (ContosoSales, Samples) schema

// get database schema violations metadata
.show database ContosoSales schema violations

// get database entities metadata
.show databases entities with (showObfuscatedStrings=true)
| where DatabaseName == "ContosoSales"

// get table entities metadata
.show databases entities with (resolveFunctionsSchema=true)
| where DatabaseName == "ContosoSales" and EntityType == "Table"
//| summarize count () //get the number of tables

// get a function's details
.show databases entities with (resolveFunctionsSchema=true)
| where DatabaseName == "ContosoSales" 
    and EntityType == "Function" 
    and EntityName == "SalesWithParams"

// get external tables metadata
.show external tables

// get materialized views metadata
.show materialized-views

// get query results metadata
.show stored_query_results

// get entities groups metadata
.show entity_groups

Then, it's useful to look at the database objects. 

// get all tables 
.show tables 
//| count

// get tables metadata
.show tables (Customers, NewSales)

// get tables schema
.show table Customers cslschema

// get schema as json
.show table Customers schema as json

// get table size: Customers
Customers
| extend sizeEstimateOfColumn = estimate_data_size(*)
| summarize totalSize_MB=round(sum(sizeEstimateOfColumn)/1024.00/1024.00,2)

Unfortunately, the public environment restricts the creation of objects, while for the features available one needs to create some objects in order to query the corresponding metadata.

Furthermore, it would be interesting to understand who has access to the various repositories, what policies were defined, and so on. 

// get principal roles
.show database ContosoSales principal roles

// get principal roles for table
.show table Customers principal roles

// get principal roles for function:
.show function SalesWithParams principal roles

// get retention policies
.show table Customers policy retention

// get sharding policies
.show table Customers policy sharding

There are many more objects one can explore. It makes sense to document the features, respectively the objects used for the various purposes.

In addition, one should also check the best practices available for the data repository (see [2]).

Happy coding!


References:
[1] Microsoft Learn (2024) Management commands overview [link]
[2] Microsoft Learn (2024) Kusto: Best practices for schema management [link]

19 March 2024

𖣯Strategic Management: Inflection Points and the Data Mesh (Quote of the Day)

Strategic Management Series

"Data mesh is what comes after an inflection point, shifting our approach, attitude, and technology toward data. Mathematically, an inflection point is a magic moment at which a curve stops bending one way and starts curving in the other direction. It’s a point that the old picture dissolves, giving way to a new one. [...] The impacts affect business agility, the ability to get value from data, and resilience to change. In the center is the inflection point, where we have a choice to make: to continue with our existing approach and, at best, reach a plateau of impact or take the data mesh approach with the promise of reaching new heights." [1]

I tried to understand the "metaphor" behind the quote. As the author pinpoints through another quote, the metaphor is borrowed from Andrew Grove:

"An inflection point occurs where the old strategic picture dissolves and gives way to the new, allowing the business to ascend to new heights. However, if you don’t navigate your way through an inflection point, you go through a peak and after the peak the business declines. [...] Put another way, a strategic inflection point is when the balance of forces shifts from the old structure, from the old ways of doing business and the old ways of competing, to the new." [2]

The second part of the quote clarifies the role of the inflection point - the shift from a structure, respectively organization or system, to a new one. The inflection point is not when we take a decision, but when the decision we took and its impact shift the balance. If the data mesh comes after the inflection point (see A), then there must be some kind of causality that converges uniquely toward the data mesh, which is questionable, if not illogical. A data mesh eventually makes sense after organizations have reached a certain scale and thus is unlikely to be adopted by small to medium businesses. Even for large organizations the data mesh may not be a viable solution if it doesn't have a proven record of success.

I could understand if the author had said that the data mesh will lead to an inflection point after its adoption, as is the case with transformative/disruptive technologies. Unfortunately, the track record of BI and Data Analytics projects doesn't give much hope for such a magical moment to happen. Probably, becoming a data-driven organization could have such an effect, though for many organizations the effects are still far from expectations.

There's another point to consider. A curve with inflection points can contain up and down concavities (see B) or there can be multiple curves passing through an inflection point (see C) and the continuation can be on any of the curves.

Examples of Inflection Points [3]

The change can be fast or slow (see D), and in the latter case it may take a long time for change to be perceived. Also, [2] notes that the perception that something changed can happen in stages. Moreover, the inflection point can be only local and doesn't describe the future evolution of the curve, which is to say that the curve can change its trajectory shortly after that. It happens in business processes and policy implementations that after a change was made in extremis to alleviate an issue, a slight improvement is recognized, after which the performance decays sharply. It's the case of situations in which the symptoms and not the root causes were addressed.

More appropriate to describe the change would be a tipping point, which can be defined as a critical threshold beyond which a system (the organization) reorganizes/changes, often abruptly and/or irreversibly.


References:
[1] Zhamak Dehghani (2021) Data Mesh: Delivering Data-Driven Value at Scale (book review)
[2] Andrew S Grove (1988) "Only the Paranoid Survive: How to Exploit the Crisis Points that Challenge Every Company and Career"
[3] SQL Troubles (2024) R Language: Drawing Function Plots (Part II - Basic Curves & Inflection Points) (link)

07 March 2021

💼Project Management: Methodologies (Part I: Agile Manifesto Reloaded I - An Introduction)

 

Project Management

There are so many books written on agile methodologies, each attempting to depict the realities of software development projects. There are many truths considered in them, though they seem to blend in a complex texture in which the writer usually takes the position of a preacher, and in which the sins of the traditional technologies are contrasted with the agile principles. In extremis everything done in the past seems to be wrong, while the agile methods seem to be a panacea, which is seldom the case.

It has already been 20 years since the agile manifesto was published, and the methodologies adhering to the respective principles don’t seem to provide the expected success, suffering from the same chronic symptoms as their predecessors - they are poorly understood and implemented, tend to function after hammer’s principle, and the software development projects still deliver poor results. Moreover, there are more and more professionals who raise their voice against agile practices.

Frankly, the principles behind the agile manifesto make sense. A project should by definition satisfy stakeholders’ requirements, ideally through regular deliveries that incorporate the needed functionality while gradually seeking to get early feedback from customers, respectively involve the customer throughout the project’s duration, working together to deliver a feasible product. Moreover, self-organizing teams, face-to-face meetings, constant pace and technical excellence should allow minimizing the waste, respectively maximizing the efficiency in the project. Further aspects like simplicity, good design and architecture should establish a basis for success.

Re-reading the agile manifesto, even if each read pulls from experience more and more pros and cons, the manifesto continues to look like a Christmas wish-list. Even if the represented ideas make sense and satisfy a specific need, they are difficult to achieve in a project’s context and setup. Each wish introduces a constraint that brings with it its own limitations. Unfortunately, each policy introduced by a methodology follows the same pattern, regardless of the methodology considered. Moreover, the wishes cover only a small subset of a project’s texture, are general and leave a lot of room for interpretation and implementation, though the same can be said about any principles that don’t provide a coherent worldview or a conceptual model.

The software development industry needs a coherent worldview that reflects its assumptions, models, characteristics, laws and challenges. Software Engineering (SE) attempts to provide such a worldview, though unfortunately it is too complex for many, and there seems to be a big divide when considered in respect to the worldviews introduced by the various Project Management (PM) methodologies. Studying one or two PM methodologies, learning a few programming languages and even hands-on experience on a few projects won’t fill the gaps in knowledge associated with the SE worldview.

Organizations don’t seem to see the need for professionals to have a formal education in SE. On the other hand, employees are expected to have by default some of the required skillset, which is not the case. Besides understanding and implementing a technology, there is a set of knowledge areas in which the IT professional must have at least high-level knowledge if he/she is expected to think critically about the respective areas. Unfortunately, the lack of such knowledge sometimes leads to situations which can negatively impact projects.

Almost each important word from the agile manifesto pulls with it a set of concepts from an SE worldview – customer satisfaction, software delivery, working software, requirements management, change management, cooperation, teamwork, trust, motivation, communication, metrics, stakeholders’ management, good design, good architecture, lessons learned, performance management, etc. The manifesto needs to be regarded through SE eyeglasses if one expects value from it.


29 August 2019

🛡️Information Security: Data Leak/Loss Prevention (Definitions)

"Attempts to prevent the loss of confidentiality of sensitive information by limiting the use of confidential information only for authorized purposes." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"A feature that protects data on laptops by enabling file-level authentication and secure erase options in the event that a laptop is lost or stolen." (CommVault, "Documentation 11.20", 2018)

"A set of technologies and inspection techniques used to classify information content contained within an object—such as a file, an email, a packet, an application or a data store - while at rest (in storage), in use (during an operation), or in transit (across a network). DLP tools also have the ability to dynamically apply a policy—such as log, report, classify, relocate, tag, and encrypt - and/or apply enterprise data rights management protections." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Data loss prevention (DLP; also known as data leak prevention) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, and so on) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information." (Robert F Smallwood, "Information Governance for Healthcare Professionals", 2018)

"A capability that detects and prevents violations to corporate policies regarding the use, storage, and transmission of sensitive data. Its purpose is to enforce policies to prevent unwanted dissemination of sensitive information." (Forrester)

"A systems ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep packet content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), within a centralized management framework. Data loss prevention capabilities are designed to detect and prevent the unauthorized use and transmission of NSS information." (CNSSI 4009-2015 CNSSI 1011)

"Data loss protection (DLP) describes a set of technologies and inspection techniques used to classify information content contained within an object - such as a file, email, packet, application or data store - while at rest (in storage), in use (during an operation) or in transit (across a network). DLP tools also have the ability to dynamically apply a policy - such as log, report, classify, relocate, tag and encrypt - and/or apply enterprise data rights management protections." (Gartner)

"Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer." (TechTarget) [source]

"Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network. The term describes software products that help a network administrator control the data that users can transfer." (proofpoint) [source]

25 August 2019

🛡️Information Security: Cybersecurity (Definitions)

 "The art of ensuring the existence and continuity of the Information Society of a nation, guaranteeing and protecting, in Cyberspace, its information assets and critical infrastructure." (Claudia Canongia & Raphael Mandarino, "Cybersecurity: The New Challenge of the Information Society", 2012)

"The act of protecting technology, information, and networks from attacks." (Jason Williamson, "Getting a Big Data Job For Dummies", 2015)

"The practice of protecting computers and electronic communication systems as well as the associated information." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"Cybersecurity deals with damage to, unauthorized use of, exploitation of electronic information and communications systems that ensure confidentiality, integrity and availability." (Sanjukta Pookulangara, "Cybersecurity: What Matters to Consumers - An Exploratory Study", 2016)

"Focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction." (Kimberly Lukin, "Russian Cyberwarfare Taxonomy and Cybersecurity Contradictions between Russia and EU", 2016)

"The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)

"The ability to protect against the unauthorized use of electronic data and malicious activity. This electronic data can be personal customer information such as names, addresses, social security numbers, credit cards, and debit cards, to name a few." (Brittany Bullard, "Style and Statistics", 2016)

"A trustworthiness property concerned with the protection of systems from cyberattacks." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Information security (infosec) but broadly referring to technology and human systems that are built around the secure exchange, storage, and management of information." (Shalin Hai-Jew, "Safe Distances: Online and RL Hyper-Personal Relationships as Potential Attack Surfaces", 2018)

"Is defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment, organization, and user assets." (Thokozani I Nzimakwe, "Government's Dynamic Approach to Addressing Challenges of Cybersecurity in South Africa", 2018)

"Protection against criminal access to one’s data and information and against criminal manipulation of computer networks/data/systems." (Shalin Hai-Jew, "Beware!: A Multimodal Analysis of Cautionary Tales in Strategic Cybersecurity Messaging Online", 2018)

"The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyberspace environment and organization and users’ assets." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The organization and collection of resources, processes, and structures used to protect cyberspace from occurrences that misalign de jure from de facto property rights." (Mika Westerlund et al, "A Three-Vector Approach to Blind Spots in Cybersecurity", 2018)

"A computing-based discipline involving technology, people, information, and processes to enable assured operations. It involves the creation, operation, analysis, and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries." (Matt Bishop et al, "Cybersecurity Curricular Guidelines", 2019)

"Acts taken, technologies created and deployed, policies written and enacted, to protect computer systems and networks against misuse, intrusion, and exploitation." (Shalin Hai-Jew, "The Electronic Hive Mind and Cybersecurity: Mass-Scale Human Cognitive Limits to Explain the “Weakest Link” in Cybersecurity", 2019)

"Also known as computer security or IT security, is the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide." (Soraya Sedkaoui, "Big Data Analytics for Entrepreneurial Success", 2019)

"Includes process, procedures, technologies, and controls designed to protect systems, networks, and data." (Sandra Blanke et al, "How Can a Cybersecurity Student Become a Cybersecurity Professional and Succeed in a Cybersecurity Career?", 2019)

"The protection of computer systems from theft and damage to their assets and from manipulation and distraction of their services." (Viacheslav Izosimov & Martin Törngren, "Security Awareness in the Internet of Everything", 2019)

"The protection of internet-connected systems including hardware, software, and data from cyberattacks."  (Semra Birgün & Zeynep Altan, "A Managerial Perspective for the Software Development Process: Achieving Software Product Quality by the Theory of Constraints", 2019)

"Cybersecurity is seen where security alerts and cyber-attacks are becoming more frequent and malicious, these threats include private access attempts and exploitation software or phishing, malware, web application attacks, and network penetration." (Theunis G Pelser & Garth Gaffley, "Implications of Digital Transformation on the Strategy Development Process for Business Leaders", 2020)

"Is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security - both are used by enterprises to protect against unauthorized access to data centers and other computerized systems." (Alexander A Filatov, "Sovereign Bureaucrats vs. Global Tech Companies: Ethical and Regulatory Challenges", 2020)

"It is a general term which describes technologies, processes, methods, and practices for the purpose of protection of internet-connected information systems from attacks, i.e., cyberattacks. Cybersecurity can refer to security of data, software or hardware within information systems." (Ana Gavrovska & Andreja Samčović, "Intelligent Automation Using Machine and Deep Learning in Cybersecurity of Industrial IoT: CCTV Security and DDoS Attack Detection", 2020)

"Cybersecurity is an act to protect data, devices, applications, servers, network from the malicious attack through various tools and techniques. The process also ensures the confidentiality, integrity, availability, and non-repudiation of the content." (Shafali Agarwal, "Preserving Information Security Using Fractal-Based Cryptosystem", 2021)

"Cybersecurity refers to the set of technologies, processes, and practices designed to safeguard networks, devices, programs, and data from attack, threats, or unauthorized access." (Sanjeev Rao et al, "Online Social Networks Misuse, Cyber Crimes, and Counter Mechanisms", 2021)

"It is the organization and collection of resources, processes, and structures used to protect cyberspace from security events." (Carlos A M S Teles et al, "A Black-Box Framework for Malicious Traffic Detection in ICT Environments", Handbook of Research on Cyber Crime and Information Privacy, 2021)

"Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation." (CNSSI 4009-2015)

"The ability to protect or defend the use of cyberspace from cyber attacks." (NISTIR 8170)

"The prevention of damage to, unauthorized use of, exploitation of, and - if needed - the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity and availability of these systems." (NISTIR 8074 Vol. 2)

"The process of protecting information by preventing, detecting, and responding to attacks." (NISTIR 8183)

05 August 2019

🛡️Information Security: Security Policy (Definitions)

"The active policy on the client's computer that programmatically generates a granted set of permissions from a set of requested permissions. A security policy consists of several levels that interact; by default only permissions granted by all layers are allowed to be granted." (Damien Watkins et al, "Programming in the .NET Environment", 2002)

"A collection of standards, policies, and procedures created to guarantee the security of a system and ensure auditing and compliance." (Carlos Coronel et al, "Database Systems: Design, Implementation, and Management" 9th Ed, 2011)

"The set of decisions that govern security controls." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (IBM, "Informix Servers 12.1", 2014)

"A written statement describing the constraints or behavior an organization embraces regarding the information provided by its users" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"Strategic tool used to dictate how sensitive information and resources are to be managed and protected." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"Set of rules, guidelines and procedures represented in official security documents that define way in which state will protect its own national security interests." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)

"A set of rules and practices that specify or regulate how a system or an organization provides security services to protect sensitive and critical system resources." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A statement of the rules governing the access to a system’s protected resources." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (Sybase, "Open Server Server-Library/C Reference Manual", 2019)

"A set of criteria for the provision of security services." (CNSSI 4009-2015 NIST)

"A set of methods for protecting a database from accidental or malicious destruction of data or damage to the database infrastructure." (Oracle)

"Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions 'what' and 'why' without dealing with 'how'. Policies are normally stated in terms that are technology-independent." (NIST SP 800-82 Rev. 2)

18 July 2019

🧱IT: Asset (Definitions)

[process asset:] "Anything that the organization considers useful in attaining the goals of a process area." (Sandy Shrum et al, "CMMI: Guidelines for Process Integration and Product Improvement", 2003)

[organizational process assets:] "Artifacts that relate to describing, implementing, and improving processes (e.g., policies, measurements, process descriptions, and process implementation support tools). The term process assets is used to indicate that these artifacts are developed or acquired to meet the business objectives of the organization, and they represent investments by the organization that are expected to provide current and future business value." (Sandy Shrum et al, "CMMI: Guidelines for Process Integration and Product Improvement", 2003)

[process asset:] "Artifacts that relate to describing, implementing, and improving processes (e.g., policies, process descriptions, guidance, examples, aids, checklists, project closeout reports, metrics data, and training materials). The artifacts meet the organization’s business objectives, and represent investments expected to provide current and future business value." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)

[organizational process assets:] "Any or all process-related assets, from any or all of the organizations involved in the project that are or can be used to influence the project's success. These process assets include formal and informal plans, policies, procedures, and guidelines. The process assets also include the organizations’ knowledge bases such as lessons learned and historical information." (Project Management Institute, "Practice Standard for Project Estimating", 2010)

[organizational process assets:] "Any or all process related assets, from any or all of the organizations involved in the project that are or can be used to influence the project's success. These process assets include formal and informal plans, policies, procedures, and guidelines. The process assets also include the organizations' knowledge bases such as lessons learned and historical information." (Cynthia Stackpole, "PMP Certification All-in-One For Dummies", 2011)

[IT assets:] "Tangible deliverables created during the course of an IT project that can be used in other similar projects. Examples include design, software code, or a testing scenario." (Janice M Roehl-Anderson, "IT Best Practices for Financial Managers", 2010)

[organizational process assets:] "Plans, processes, policies, procedures, and knowledge bases specific to and used by the performing organization. " (Project Management Institute, "The Standard for Portfolio Management" 3rd Ed., 2012)

[organizational process assets:] "Plans, processes, policies, procedures, and knowledge bases that are specific to and used by the performing organization." (For Dummies, "PMP Certification All-in-One For Dummies", 2nd Ed., 2013)

[Software assets:] "software tools needed to manipulate the organization's information to accomplish the organization's mission." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (that is, a system component - hardware, firmware, software, or documentation); or a facility that houses system operations and equipment." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Any item that has value to the organisation." (ISO/IEC 27000:2012)

12 July 2019

🧱IT: IT Governance (Definitions)

"Framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives." (Alan Calder, "IT Governance: Guidelines for Directors", 2005)

"The processes, policies, relationships, and mechanisms that ensure that information technology delivers business value while balancing risk and investment decisions. IT governance ensures accountability and provides rigor for managing IT capabilities in the context of a larger corporate governance framework." (Evan Levy & Jill Dyché, "Customer Data Integration", 2006)

"Addresses the application of governance to an IT organization and its people, processes, and information to guide the way those assets support the needs of the business. It may be characterized by assigning decision rights and measures to processes." (Tilak Mitra et al, "SOA Governance", 2008)

"IT governance is the system and structure for defining policy and monitoring and controlling the policy implementation, and managing and coordinating the procedures and resources aimed at ensuring the efficient and effective execution of services." (Anton Joha & Marijn Janssen, "The Strategic Determinants of Shared Services", 2008)

"The discipline of managing IT as a service to the business, aligning IT objectives with business goals." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"An integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure the enterprise’s IT sustains and extends the organization’s strategies and objectives." (Edephonce N Nfuka & Lazar Rusu, "IT Governance in the Public Sector in a Developing Country", 2009)

"(1) Locus of IT decision-making authority (narrow definition). (2) The distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, and the rules and procedures for making and monitoring decisions on strategic IT concerns (comprehensive definition)." (Ryan R Peterson, "Trends in Information Technology Governance", 2009)

"Structure of relationships and processes to direct and control the IT enterprise to achieve IT’s goals by adding value while balancing risk versus return over IT and its processes." (IT Governance Institute, "IT Governance Implementation Guide, Using COBIT and Val IT", 2010)

"The discipline of tracking, managing, and steering an IS/IT landscape. Architectural governance is concerned with change processes (design governance). Operational governance looks at the operational performance of systems against contracted performance levels, the definition of operational performance levels, and the implementation of systems that ensure the effective operation of systems." (David Lyle & John G Schmidt, "Lean Integration", 2010)

"Formally established statements that direct the policies regarding IT alignment with organizational goals and allocation of resources." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed, 2011)

"Supervision monitoring and control of an organization's IT assets." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed, 2011)

"The processes and relationships that lead to reasoned decision making in IT." (Steven Romero, "Eliminating ‘Us and Them’", 2011)

"The function of ensuring that the enterprise's IT activities match and support the organization's strategies and objectives. Governance is very often associated with budgeting, project management, and compliance activities." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed, 2012)

"Controls and process to improve the effectiveness of information technology; also, the primary way that stakeholders can ensure that investments in IT create business value and contribute toward meeting business objectives." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"Processes used to ensure that IT resources are aligned with the goals of the organization. Organizations often use frameworks to help them with IT governance." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"The framework of rules and practices by which an organization structures its technology decision-making process in order to ensure alignment of the organization's business strategy with its operations." (David K Pham, "From Business Strategy to Information Technology Roadmap", 2016)

"Set of methods and techniques for reaching full alignment between business strategy and IT strategy." (Dalia S Vugec, "IT Strategic Grid: A Longitudinal Multiple Case Study", 2019)

"The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals." (Lili Aunimo et al, "Big Data Governance in Agile and Data-Driven Software Development: A Market Entry Case in the Educational Game Industry", 2019)

"The structures, processes, and mechanisms by which the current and future use of ICT is directed and controlled." (Konstantinos Tsilionis & Yves Wautelet, "Aligning Strategic-Driven Governance of Business IT Services With Their Agile Development: A Conceptual Modeling-Based Approach", 2021)

"IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals." (Gartner)

"The system by which the current and future use of IT is directed and controlled. Corporate Governance of IT involves evaluating and directing the use of IT to support the organisation and monitoring this use to achieve plans." (ISO/IEC 38500)

20 January 2019

🤝Governance: Guideline (Definitions)

"An indication or outline of policy or conduct. Adherence to guidelines is recommended but is not mandatory." (Tilak Mitra et al, "SOA Governance", 2008)

"A kind of business rule that is suggested, but not enforced." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"An official recommendation or advice that indicates policies, standards, or procedures for how something should be accomplished." (For Dummies, "PMP Certification All-in-One For Dummies, 2nd Ed.", 2013)

"A document that supports standards and policies, but is not mandatory." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"Non-enforced suggestions for increasing functioning and performance." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"Recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed, 2018)

"A description of a particular way of accomplishing something that is less prescriptive than a procedure." (ISTQB)

"A description that clarifies what should be done and how, to achieve the objectives set out in policies" (ISO/IEC 13335-1:2004)

19 January 2019

🤝Governance: Policy (Definitions)

"A general, usually strategically focused statement, rule, or regulation that describes how a particular activity, operation, or group of operations will be carried out within a company." (Steven Haines, "The Product Manager's Desk Reference", 2008)

"A deliberate plan of action to guide decisions and achieve rational outcomes." (Tilak Mitra et al, "SOA Governance", 2008)

"Clear and measurable statements of preferred direction and behaviour to condition the decisions made within an organization." (ISO/IEC 38500:2008, 2008)

"The encoding of rules particular to a business domain, its data content, and the application systems designed to operate in this domain on this set of data." (Alex Berson & Lawrence Dubov, "Master Data Management and Data Governance", 2010)

"A rule or principle that guides or constrains the behavior of someone given decision rights. Policies provide guidelines, sometimes set limits, and sometimes enable behavior. Policies guide decision rights, which are generally conditional." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"A structured pattern of actions adopted by an organization such that the organization’s policy can be explained as a set of basic principles that govern the organization’s conduct." (For Dummies, "PMP Certification All-in-One For Dummies, 2nd Ed.", 2013)

"A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. A policy can include some specifics of processes allowed and not allowed." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"The intentions of an organisation as formally expressed by its top management [1]" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"A document that regulates conduct through a general statement of beliefs, goals, and objectives." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A structured pattern of actions adopted by an organization such that the organization's policy can be explained as a set of basic principles that govern the organization's conduct." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide)" 6th Ed., 2017)

"A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. Can include some specifics of processes allowed and not allowed." (Robert F Smallwood, "Information Governance for Healthcare Professionals", 2018)

"A statement of objectives, rules, practices or regulations governing the activities of people within a certain context." (NISTIR 4734)

"Statements, rules, or assertions that specify the correct or expected behavior of an entity." (NIST SP 1800-15B)

About Me

Koeln, NRW, Germany
IT Professional with more than 25 years experience in IT in the area of full life-cycle of Web/Desktop/Database Applications Development, Software Engineering, Consultancy, Data Management, Data Quality, Data Migrations, Reporting, ERP implementations & support, Team/Project/IT Management, etc.