14 April 2016

♜Strategic Management: Business Continuity (Definitions)

"The ability of a business to continue to operate in the face of disaster." (Tom Petrocelli, "Data Protection and Information Lifecycle Management", 2005)

"A business function that attempts to prevent any major disruptions to business processes, both through planning, to avoid unplanned outages in the first place, and then through implementing solutions that minimize the effects of unplanned outages if they do occur." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"The continuance of business operations regardless of disasters that befall it." (Yvette Ghormley, "Business Continuity and Disaster Recovery Plans", 2009)

"The degree of uninterrupted stability of an organization’s systems and operations in spite of potentially disruptive events." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Capability of the organization to continue delivery of products at acceptable predefined levels following disruptive incident" (ISO 22301:2012, 2012)

"The processes and procedures that an organization puts in place to ensure that they can continue to provide essential functions during and after a disaster." (Rebecca Hamilton & Diane Brown, "Disaster Management and Continuity Planning in Libraries: Changes since the Year 2000", 2016)

"Capability of an organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Business continuity embraces all the operations in a company, including how employees function in compromised situations." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The capability of the organisation to continue delivery of products and services at acceptable pre-defined levels following a disruptive incident." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"The act of ensuring that core business units and critical services operate at an acceptable level after some unexpected interruption or a crisis incident." (Athanasios Podaras et al, "Regression-Based Recovery Time Predictions in Business Continuity Management: A Public College Case Study", 2021)

"Business process responsible for managing risks that could seriously affect the business" (ITIL)

13 April 2016

♜Strategic Management: Churn (Definitions)

"In a subscription service, the ratio of customers lost to customers gained." (Ralph Kimball & Margy Ross, "The Data Warehouse Toolkit" 2nd Ed., 2002)

"Reflects the tendency of subscribers to switch services." (Glenn J Myatt, "Making Sense of Data: A Practical Guide to Exploratory Data Analysis and Data Mining", 2006)

"The phenomenon of customers leaving your business to go to a competitor. Churn implies the customer might or might not return. “Churn reduction” is another way of saying customer retention and is a major goal of CRM programs. Churn is most often used in conjunction with commodity businesses such as telcos, utilities, and airlines." (Evan Levy & Jill Dyché, "Customer Data Integration", 2006)

"Reflects the tendency of subscribers to switch services." (Glenn J Myatt, "Making Sense of Data: A Practical Guide to Exploratory Data Analysis and Data Mining", 2007)

"Also known as customer attrition, this is a term used by businesses to describe the loss of clients or customers." (Martin Oberhofer et al, "The Art of Enterprise Information Architecture", 2010)

"A customer switches to a competitor's service." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[viral churn:] "A situation in which individuals cancel their services because other people in their network have canceled their service. Common reasons include being made aware of better options and pull-through by leveraging positive network externalities." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

"A term that refers to a customer going to a different provider. Depending on the context, it may refer to a total migration away from the organization in question to a reduction in consumption." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

10 April 2016

♜Strategic Management: Risk Assessment (Definitions)

"An evaluation of the risks and possible bad outcomes an organization faces and the likelihood these may occur." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"identifying and aggregating the risks facing the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The overall process of risk identification, risk analysis, and risk evaluation." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"analyze assets’ value, identify threats and evaluate their vulnerability to those threats" (ITIL)

"the overall process of risk identification, risk analysis and risk evaluation" (ISO Guide 73:2009) 

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis." (NIST SP 800-137)

"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses." (NIST SP 800-18)

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system." (NIST SP 800-171)

♜Strategic Management: Contingency Plan (Definitions)

"An identification of alternative strategies to be used to ensure project success if specified risk events occur." (Timothy J Kloppenborg et al, "Project Leadership", 2003)

[contingency planning:] "A management process that analyses disaster risks and establishes arrangements in advance to enable timely, effective and appropriate responses." (ISDR, 2009)

"Specific planning designed to create a quick response after the occurrence of a risk event." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A plan that identifies alternative approaches to be used if the corresponding risk events occur." (Bonnie Biafore, "Successful Project Management: Applying Best Practices and Real-World Techniques with Microsoft® Project", 2011)

"A plan developed to mitigate the outcome of a risk, once the risk has materialised." (Mike Clayton, "Brilliant Project Leader", 2012)

"Mitigation plan alternative course(s) of action devised to cope with project risks." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"A plan that allows an organization to respond appropriately to a specific type of unplanned event." (Rebecca Hamilton & Diane Brown, "Disaster Management and Continuity Planning in Libraries: Changes since the Year 2000", 2016)

"A plan for continued operation and execution of the most essential functions of a mission in the event of a disruptive failure, such as a natural disaster or a major cyberattack." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A plan put in place before any potential emergencies, with the mission of dealing with possible future emergencies. It pertains to training personnel, performing backups, preparing critical facilities, and recovering from an emergency or disaster so that business operations can continue." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

[contingency planning:] "Management policies and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A plan that is maintained for disaster response, backup operations, and post-disaster recovery to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation." (NIST SP 800-57 Part 1)

"Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the continuity of operations plan (COOP) or disaster recovery plan (DRP) for major disruptions." (CNSSI 4009-2015)

08 April 2016

♜Strategic Management: Disaster Recovery Plan [DRP] (Definitions)

"A plan that establishes technical and organizational measures in order to face events or incidents with potentially huge impact that could even lead to the unavailability of data centers. The DRP development defines and ensures IT emergency procedures that intervene and protect the data relevant for the company activities and services. DRP is usually considered as the only part of the BCP in banking business continuity initiatives." (Vincenzo Morabito & Gianluigi Viscusi, "Information Technology Business Continuity", 2009)

"Generally a plan for enabling an organization to move to alternate system, network, and operational facilities in the event of an incident making the primary facilities unusable." (C Warren Axelrod, "Responsibilities and Liabilities with Respect to Catastrophes", 2009)

"A contingency plan that goes into effect after a full disaster occurs, used to reestablish basic capabilities and resources." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A written plan that explains how a company will recover its IT operations after a natural or man-made disaster that causes data or hardware loss." (Faithe Wempen, "Computing Fundamentals: Introduction to Computers", 2015)

"A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Plans that document the steps you can take to replace damaged or destroyed components due to a disaster to restore the integrity of your IT infrastructure." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities." (NIST SP 800-82 Rev. 2)

"A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities." (NIST SP 800-34 Rev. 1)

"Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days." (CNSSI 4009-2015)

07 April 2016

♜Strategic Management: Cost-Benefit Analysis [CBA] (Definitions)

"The process of comparing the cost of achieving a goal against the benefit to be gained by its achievement." (Dale Furtwengler, "Ten Minute Guide to Performance Appraisals", 2000)

"An analysis to determine whether the favorable results of an alternative are sufficient to justify the cost of taking that alternative. This analysis is widely used in connection with capital expenditure projects." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"An evaluation that determines the value of an approach relative to its costs and benefits; used in risk management to evaluate mitigation strategies." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"Comparison of the estimated value of business benefits over time to the estimated cost of expenditures required to realize these benefits." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Investigation to determine whether the benefits exceed the costs for a proposed course of action. Often used to evaluate whether to add features or complexity to a cost accounting system or to choose a course of action in a business decision." (Leslie G Eldenburg & Susan K Wolcott, "Cost Management" 2nd Ed., 2011)

"Study that helps in decisions on IT investments by determining if the benefits (possibly including intangible ones) exceed the costs." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A technique that weighs expected costs against expected financial and nonfinancial benefits (value) to determine the best (according to relevant criteria) course of action." (Project Management Institute, "The Standard for Portfolio Management 3rd Ed.", 2012)

"A financial analysis tool used to determine the benefits provided by a project against its costs." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"An analysis of costs and benefits related to an expenditure. A CBA identifies and analyzes the costs and benefits to simplify the decision-making process." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"An estimate of the equivalent monetary value of proposed benefits and the estimated costs associated with a control in order to establish whether the control is feasible." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A method of determining the expenses and impacts for a given investment. Example: a cost-benefit analysis will be used to determine whether we engage in a specific investment." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A financial analysis tool used to determine the benefits provided by a project against its costs." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)", 2017)

"A tool used in decision support special studies that can assist in the allocation of capital. Cost–Benefit Analysis is a systematic, quantitative method for assessing the life cycle costs and benefits of competing alternatives. It identifies both tangible and intangible costs and benefits." (Ciara Heavin & Daniel J Power, "Decision Support, Analytics, and Business Intelligence" 3rd Ed., 2017)

"An assessment that is performed to ensure that the cost of a safeguard does not outweigh the benefit of the safeguard. Spending more to protect an asset than the asset is actually worth does not make good business sense. All possible safeguards must be evaluated to ensure that the most security-effective and cost-effective choice is made." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide, 8th Ed", 2018)

♜Strategic Management: Disaster Recovery (Definitions)

"The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions." (Disaster Recovery Journal & DRI, 2007)

"A process that is required after a major business disruption caused by the occurrence of a disaster." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"The process of regaining access to data, hardware, or software after a computer based human or natural disaster." (Dwayne Stevens & David T Green, "A Strategy for Enterprise VoIP Security", 2009)

"This is a process that describes how to recover the IT environment after a disaster such as a fire destroying the IT building." (Martin Oberhofer et al, "The Art of Enterprise Information Architecture", 2010)

"the ability of an infrastructure to resume operations after a disaster. Disaster Recovery differentiates from Business Continuity Planning in that Disaster Recovery is primarily associated with resources and facilities, while BCP is primarily associated with processes." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"The coordinated activity to enable the recovery of IT (and other) systems due to a disruption." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"The planning, preparation, and testing set of activities used to help a business plan for and recover from any major business interruption and to resume normal business operations." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"the process adopted by the IT organization in order to bring systems back up and running." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"An area of security planning that aims to protect an organization from the effects of significant negative events. DR allows an organization to maintain or quickly resume mission-critical functions following a disaster." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The planning for and/or the implementation of a strategy to respond to such failures as a total infrastructure loss, or the failure of computers (CommServe server, MediaAgent, client, or application), networks, storage hardware, or media. A disaster recovery strategy typically involves the creation and maintenance of a secure disaster recovery site, and the day-to-day tasks of running regular disaster recovery backups." (CommVault, "Documentation 11.20", 2018)

"Is an organization's method of regaining access and functionality to its IT infrastructure, to continue the delivery of services that support business processes, after a disruptive incident." (Nelson Russo & Leonilde Reis, "Methodological Approach to Systematization of Business Continuity in Organizations", 2021)

04 April 2016

♜Strategic Management: Value Chain (Definitions)

"Sequence of processes that describe the movement of products or services through a pipeline from original creation to final sales." (Ralph Kimball & Margy Ross, "The Data Warehouse Toolkit" 2nd Ed., 2002)

"Framework for examining the strengths and weaknesses of an organization and for using the results of this analysis to improve performance." (Alan W Steiss, "Strategic Management for Public and Nonprofit Organizations", 2003)

"An end-to-end set of activities in support of customer needs, usually beginning with a customer request and ending with customer receipt of benefits." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Sequence of business processes in which value is added to a product or service. Encompasses customers and suppliers as well as, in some cases, the customers' customers and the suppliers' suppliers." (Leslie G Eldenburg & Susan K Wolcott, "Cost Management" 2nd Ed., 2011)

"A linked set of value-creating activities that begins with basic raw materials coming from suppliers and ends with distributors getting the final goods into the hands of the ultimate consumer." (Thomas L Wheelen & J David Hunger, "Strategic management and business policy: toward global sustainability 13th Ed.", 2012)

"Composed of all the stakeholders (designers, suppliers, manufacturers, customers, and others) who add value to or receive value from specific products or services." (Joan C Dessinger, "Fundamentals of Performance Improvement" 3rd Ed., 2012)

"The set of both primary and support activities or processes that an organization sets up to perform in order to achieve its mission and goals." (Andrew Pham et al, "From Business Strategy to Information Technology Roadmap", 2016)

"A value chain is a set of activities that an enterprise operating in a specific industry performs to deliver a valuable product or service for the market." (Brian Johnson & Leon-Paul de Rouw, "Collaborative Business Design", 2017)

"The linked set of activities/functions within a firm that interact to enable the final value-creating offering (product/service) of the firm. At the industry level, it can also mean the total set of value-adding links from the first supplier to the final user of a product/service." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder 3rd Ed.", 2017)

"A sequence of vertically related activities undertaken by a single firm or by a number of vertically related firms in order to produce a product or service." (Robert M Grant, "Contemporary Strategy Analysis" 10th Ed., 2018)

"A value chain is a set of linked activities that transform inputs into outputs that in turn add to at least one of the ecological, societal or economic bottom lines and help create competitive advantages." (Rick Edgeman, "Lean and Six Sigma Innovation and Design", "Encyclopedia of Information Science and Technology" 4th Ed., 2018)

"sequence of processes that creates a product/service that is of value to a customer" (ITIL)

29 March 2016

♜Strategic Management: Decision-Making (Definitions)

[decision-making:] "The process of making choices in a project team environment. Several types of decision-making are useful in projects: consensus, leader-imposed, delegated, voting, and scoring models." (Timothy J Kloppenborg et al, "Project Leadership", 2003)

[semistructured decisions:] "Decisions in which only some of the phases are structured; require a combination of standard solution procedures and individual judgment." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[strategic decision:] "refers to a decision that exhibits the following characteristics: it is made in a situation of uncertainty, of incomplete information, in a complex environment, variable/mutating environment (as opposed to 'all things being otherwise equal'); it is not recurrent, therefore the decision maker is relatively deprived; it may have far-reaching (favorable or adverse) consequences that could jeopardize the survivability of the enterprise; it is systemic (many elements with many relationships among them); the decision maker does not have experience-proven models (we cannot resort to 'turnkey' mechanisms)." (Humbert Lesca & Nicolas Lesca, "Weak Signals for Strategic Intelligence: Anticipation Tool for Managers", 2011)

[strategic decisions:] "Decisions for sustained enterprise success and business growth." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[tactical decisions:] "Decisions ensuring that existing operations and processes are in alignment with business objectives and strategies." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[decision-making processes:] "Management processes that define objectives, study alternatives, analyze available data, and reflect on intuitive beliefs. They interpret findings and compare alternates to form a conclusion or make a choice upon which the organization may act." (Carl F Lehmann, "Strategy and Business Process Management", 2012)

[microdecision:] "A small decision made many times by many workers at the front line of the organization. They usually have a significant impact on organizational performance due to their sheer volume." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

[decision-making:] "How decisions are made, based on what types of resources, information, and specific processes are available." (Jim Davis & Aiman Zeid, "Business Transformation: A Roadmap for Maximizing Organizational Insights", 2014)

[decision-making:] "the process of making choices or reaching conclusions, especially on important political or business matters." (Ken Sylvester, "Negotiating in the Leadership Zone", 2015)

[tactical decisions:] "broader decision questions than operational decisions, semistructured in nature, some but not all information necessary to make the decision is available, primarily internally focused and made by middle-level managers." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

[operating or function-specific decisions:] "day-to-day, routine decisions with a concise decision question and a clear, well-defined, and structured algorithm to make a choice among alternatives." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

[strategic decisions:] "complex, nonroutine, unstructured decisions involving many different and connected parts. Some variables may not be well understood, often information required to make the decision may be unavailable, incomplete, and in some situations information may be known to be flawed or inaccurate. These decisions usually involve a high degree of uncertainty about outcomes. If implemented, strategic decisions often result in major changes in an organization." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

26 March 2016

♜Strategic Management: Business Value (Definitions)

"A concept that is unique to each organization and includes tangible and intangible elements. Through the effective use of project, program, and portfolio management disciplines, organizations will possess the ability to employ reliable, established processes to meet enterprise objectives and obtain greater business value from their investments." (Project Management Institute, "Software Extension to the PMBOK® Guide 5th Ed", 2013)

"The net quantifiable benefit derived from a business endeavor. The benefit may be tangible, intangible, or both." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide)", 2017)

"Entire value of the business; total sum of tangible (assets, fixtures, equity, utility) and intangible elements (goodwill, recognition, public benefit, trademarks): short, medium, or long term." (H James Harrington & William S Ruggles, "Project Management for Performance Improvement Teams", 2018)

25 March 2016

♜Strategic Management: Business Continuity Plan [BCP] (Definitions)

"A plan for ensuring that businesses will be able to recover from the effects of a destructive incident and continue to operate at an acceptable level." (C Warren Axelrod, "Responsibilities and Liabilities with Respect to Catastrophes", 2009)

"An emergency contingency plan that spells out how to recover and restore functions that have been partially or completely interrupted." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"The advance planning and preparations which are necessary to identify the impact of potential losses, formulate and implement viable recovery strategies, develop recovery plan(s) which ensure continuity of organizational services in the event of an emergency or disaster, and administer a comprehensive training, testing, and maintenance program." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"Plan that outlines the process by which businesses should recover from a major disaster. Also known as a disaster recovery plan." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A methodology used to create a plan for how an organization will resume partially or completely interrupted critical function(s) within a predetermined time after a disaster or disruption. BCP differentiates from disaster recovery in that DR is primarily associated with resources and facilities, while BCP is associated primarily with processes." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"Overall planning lifecycle dedicated to analysis, design, implementation, testing, and maintenance of various elements designed to keep the organization operating even after a significant outage. Business continuity planning is a continuous process." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"This refers to the documented procedures and information that enable the organization and or business unit/third party agent to respond to a disruption, recover, and resume critical business functions." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"A business continuity action plan is a document or set of documents that contains the critical information a business needs to stay running in spite of adverse events. A business continuity plan is also called an emergency plan." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"Plans that document the steps to restore business operation after an interruption. BCPs, along with DRPs, enable you to recover from disruptions ranging from small to large." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"Documented procedures that guide organizations to respond, recover, resume, and restore to a predefined level of operation following disruption." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Business continuity plans are made up of documented procedures. Organizations use these procedures to respond to disruptive incidents, to guide recovery efforts, to resume prioritized activities, and to restore operations to acceptable predefined levels. Business continuity plans usually identify the services, activities, and resources needed to ensure that prioritized business activities and functions could continue whenever disruptions occur." (ISO 22301:2012, 2012)

"Plan defining the steps required to restore business processes following a disruption" (ITIL)

"The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption." (CNSSI 4009-2015) 

♜Strategic Management: Assurance (Definitions)

"All the systematic actions necessary to have the confidence that the target (process, program, project, outcome, benefit, capability, product output, deliverable) is appropriate. Assurance must be independent from what is being assured." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include performance, compliance, system security, and due diligence engagements." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"A level of confidence that appropriate and effective IT controls are in place." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Confidence that a system exhibits a stated set of properties." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. 'Adequately met' includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass." (NIST SP 800-12 Rev. 1)

"Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy." (NIST SP 800-39)

"The grounds for confidence that the set of intended security controls in an information system are effective in their application." (NIST SP 800-27 Rev A)

♜Strategic Management: Assessment (Definitions)

"Evaluation of an organization’s process performance capability against a model (e.g., Automotive SPICE PAM). The goal is the rating and improvement of processes (process capability)." (Lars Dittmann et al, "Automotive SPICE in Practice", 2008)

"(1) The comparison of the actual environment and data to requirements and expectations. (2) The first high-level step in the Information and Data Quality Improvement Cycle." (Danette McGilvray, "Executing Data Quality Projects", 2008)

"An appraisal that an organization does internally for the purposes of process improvement. The word assessment is also used in the People CMM in an everyday English sense (e.g., performance assessment)." (Sally A Miller et al, "People CMM: A Framework for Human Capital Management" 2nd Ed., 2009)

"A judgment about the implications of an influencer on either one or more means (such as particular courses of action) or one or more ends, such as particular desired results." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"Activity of determination of quantitative or qualitative value of a product, service, activity, process in regard to given quality or acceptance criteria." (IQBBA, "Standard glossary of terms used in Software Engineering", 2011)

"Assessment is the process of evaluating or estimating the nature, ability, or quality of a thing. As a synonym for measurement, assessment implies the need to compare one thing to another in order to understand it. Assessment implies drawing a conclusion - evaluating - the object of the assessment (NOAD) whereas measurement does not always imply so." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement", 2012)

"Evaluation of an organization's successful execution of processes and standards. For OPM3, various tools to assess organizational project management maturity exist in the marketplace with variations of granularity." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3)" 3rd Ed., 2013)

"The outcome of an evaluation of a process or event. Example: a scored exam constitutes an assessment of learning." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A systematic evaluation process of collecting and analyzing data to determine the current, historical or projected compliance of an organization to a standard." (ASQ)

"inspection and analysis to check whether a standard or set of guidelines are being followed, that records are accurate, or that efficiency and effectiveness targets are being met" (ITIL)

12 March 2016

♜Strategic Management: Business Analysis [BA] (Definitions)

"(1) The study of business processes, practices and business systems requirements. (2) The application of information to better understand business opportunities and challenges." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"A set of tools and methods used for execrating business insight making from the available data or system structure. It provide meaningful information with dynamic and sophisticate methods of problem solving such as optimization." (Shokoufeh Mirzaei, "Defining a Business-Driven Optimization Problem", 2014)

"Business analytics is the combination of skills, technologies, applications, and processes used by organizations to gain insight into their business-based data and statistics to drive business planning." (K Hariharanath, "BIG Data: An Enabler in Developing Business Models in Cloud Computing Environments", 2019)

"Business analysis is the practice of understanding business needs and enabling change, including the recommendation of solutions." (Esta Lessing, "CCBA® and CBAP® Certifications Study Guide", 2020)

"It is the process of working with factual information in organizations, using suitable tools and techniques to identify the nuggets of wisdom (insights) from them that can have direct impact on influencing good decision making." (Tanushri Banerjee & Arindam Banerjee, "Designing a Business Analytics Culture in Organizations in India", 2021)

"Business analysis is a practice that involves understanding the current capabilities and needs of the business users, identifying gaps in the current processes, and enabling desired future capabilities to derive efficiencies, competitive advantage, and business benefits." (Srini Munagavalasa, "The Salesforce Business Analyst Handbook", 2022)

"Business analysis is the means through which operational problems and issues are systematically identified and investigated, different approaches are evaluated, and optimal solutions are determined." (Qlik)

"Business Analysis is the practice of enabling change in an enterprise by defining needs and recommending solutions that deliver value to stakeholders." (IIBA)

"The set of tasks, knowledge, tools and techniques required to identify business needs and determine solutions to business problems" (Business Analysis BOK) 

07 March 2016

♜Strategic Management: Risk Analysis (Definitions)

"The evaluation, classification, and prioritization of risks." (Sandy Shrum et al, "CMMI®: Guidelines for Process Integration and Product Improvement", 2003)

"The process of identifying, characterizing, and prioritizing risks." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (Tilo Linz et al, "Software Testing Practice: Test Management", 2007)

"The process of measuring and analyzing the risks associated with financial and investment decisions. Risk refers to the variability of expected returns (earnings or cash flows)." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"A formal definition of risks based on asset identification, threat enumeration, and consequence evaluation." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"Systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"The process to comprehend the nature of risk and to determine the level of risk [3]" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"This is the part where we combine the impact and the likelihood (or probability) to calculate the level of risk and to plot it onto a risk matrix, which allows us to compare risks for their severity and to decide which are in greatest need of treatment." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Determining the nature and likelihood of the risks to key data" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"A process undertaken to comprehend the nature of risk and to determine the level of risk." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (IQBBA)

"The process to comprehend the nature of risk and to determine the level of risk" (ISO Guide 73:2009)

About Me

Koeln, NRW, Germany
IT Professional with more than 24 years experience in IT in the area of full life-cycle of Web/Desktop/Database Applications Development, Software Engineering, Consultancy, Data Management, Data Quality, Data Migrations, Reporting, ERP implementations & support, Team/Project/IT Management, etc.