♜Strategic Management: Maturity (Definitions)

"The extent to which an organization has explicitly and consistently deployed processes that are documented, managed, measured, controlled, and continually improved. Organizational maturity may be measured via appraisals." (Sandy Shrum et al, "CMMI®: Guidelines for Process Integration and Product Improvement", 2003)

[process maturity:] "The extent to which an organization’s processes are defined, managed, measured, controlled, and continually improved. Process maturity implies continued improvement in the organization’s capability for performing its business activities, and indicates consistency in performing its processes throughout the organization." (Sally A Miller et al, "People CMM: A Framework for Human Capital Management 2nd Ed.", 2009)

[Organizational Project Management Maturity Model:] "A framework that defines knowledge, assessment, and improvement processes, based on Best Practices and Capabilities, to help organizations measure and mature their portfolio, program, and project management practices." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3) 3rd Ed", 2013)

[Project Management Maturity:] "Project management processes measured by the ability of an organization to successfully initiate, plan, execute, and monitor and control individual projects. Project management maturity is limited to individual project execution and doesn't address key processes, Capabilities, or Best Practices at the organizational, portfolio, or program level. The focus of project management maturity is 'doing projects right'." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3) 3rd Ed", 2013)

[Organizational Project Management Maturity:] "The level of an organization’s ability to deliver the desired strategic outcomes in a predictable, controllable, and reliable manner." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"Within OPM3, maturity comprises not only the state of performance within portfolio, program, and project management, but also the organization's evolution toward that state as illustrated by SMCI." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3) 3rd Ed., 2013)

"A measurement of the ability of an organization to undertake continuous improvement in a particular discipline." (Yassine Maleh et al, 'Strategic IT Governance and Performance Frameworks in Large Organizations", 2019)

"In relation to organizations or activities, the level of sophistication or development of a specific program or activity." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"(1) The capability of an organization with respect to the effectiveness and efficiency of its processes and work practices. (2) The capability of the software product to avoid failure as a result of defects in the software. [ISO 9126] See also reliability." (SQA)

"Measure of the reliability, efficiency and effectiveness of a process, function, etc." (ITIL)

♜Strategic Management: Benchmarking (Definitions)

"The process of comparison in which one set of metrics comes from the entity being measured and the other set of metrics comes from averages for an industry, specific configuration, or other common attributes." (Janice M Roehl-Anderson, IT Best Practices for Financial Managers, 2010) 

Benchmarks: "Objective measures of performance, often available from industry trade associations." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A systematic process of comparing an organization to other organizations for the purposes of identifying better work methods and determining best practices." (Joan C Dessinger, "Fundamentals of Performance Improvement" 3rd Ed., 2012)

"Benchmarking uses external and internal comparisons to plan for future improvements." (John R Schermerhorn Jr, "Management" 12th Ed., 2012)

"A point of reference for measurement." (Information Management)

"A technique in which an organization measures its performance against that of best-in-class organizations, determines how those organizations achieved their performance levels and uses the information to improve its own performance. Subjects that can be benchmarked include strategies, operations and processes." (American Society for Quality)

♜Strategic Management: Risk Threshold (Definitions)

"Risk limits to be approached, but not exceeded." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"Measure of the level of uncertainty or the level of impact at which a stakeholder may have a specific interest. Below that risk threshold, the organization will accept the risk. Above that risk threshold, the organization will not tolerate the risk." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"The level of risk exposure above which risks are addressed and below which risks may be accepted." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide )", 2017)

"The level of risk beyond which an adversary is unwilling to go when considering an attack on a target." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

♜Strategic Management: Business Impact Analysis (Definitions)

"The process of delineating the functions most critical to the survival of a business." (Yvette Ghormley, "Business Continuity and Disaster Recovery Plans", 2009)

"A management-level analysis which identifies the impacts of losing company resources. The BIA measures the effect of resource loss and escalating losses over time, in order to provide senior management with reliable data on which to base decisions concerning risk mitigation and continuity planning." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"A method or exercise to determine the impact of losing the support or availability of a resource." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"Aims to (a) identify critical business processes, stakeholders, assets, resources and internal/external dependencies and (b) assesses and evaluates potential damages or losses at business level that may be caused by a threat to IT landscape." (Ulrich Winkler & Wasif Gilani, "Business Continuity Management of Business Driven IT Landscapes", 2012)

"A process used to analyze the business and identify critical functions and services. The BIA also helps the organization determine the cost impact of losing these functions and services. Organizations use the results as part of an overall business continuity plan." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"The identification of services and products that are critical to the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The process of analysing activities and the effect that a business disruption might have upon them." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A functional analysis in which a team collects data, documents business functions, develops a hierarchy of business functions, and applies a classification scheme to indicate each individual function’s criticality level." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"The analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A business continuity management activity which is mainly intended for defining the core business functions, the recovery priorities regarding these functions and the corresponding time required for the resumption of each function." (Athanasios Podaras et al, "Regression-Based Recovery Time Predictions in Business Continuity Management: A Public College Case Study", 2021)

"Activity that identifies the VMF and their dependencies" (ITIL)

"An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption." (CNSSI 4009-2015)

♜Strategic Management: Corporate Governance (Definitions)

"Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals. The governance framework is there to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations and society." (Dominic Cadbury, UK, "Commission Report: Corporate Governance", 1992)

"The system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board of directors, managers, employees, shareholders, and other stakeholders, and spells out the rules and procedures for making decisions about corporate affairs." (Tilak Mitra et al, "SOA Governance", 2008)

"Rules and processses ensuring that the enterprise adheres to accepted ethical standards, best practices, and laws." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"This focuses on who the firm should serve, the distribution of power and relationships among different stakeholders, and the selection and conduct of senior management." (Duncan Angwin et al, "The Strategy Pathfinder: Core Concepts and Live Cases" 2nd Ed., 2011)

"Essentially, decision making and communications. The need for good governance stems from the need of organizations to make good decisions and to communicate them effectively. Often, when faced with poor outcomes, the organization needs to review how the decisions were made and then put into place structures that support better future decisions. It can be considered to encompass relationships among a company’s management, its board (or management team), its shareholders, and other stakeholders and to provide the structure through which the objectives of the company are set, as well as the means of attaining those objectives and monitoring performance." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"Corporate governance is a set of relationships framed by corporate bylaws, articles of association, charters, and applicable statutory or other legal rules and principles, between the board of directors, shareholders, and other stakeholders of a organization that outlines the relationship among these groups, sets rules how the organization should be managed, and sets its operational framework." (Christopher Donohue et al, "Foundations of Financial Risk: An Overview of Financial Risk and Risk-based Financial Regulation" 2nd Ed, 2015)

"This focuses on who the firm should serve, the distribution of power and relationships among different stakeholders, and the selection and conduct of senior management." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

"The framework of rules, norms, and accepted practice established as an organizational infrastructure to enable strategic outcomes, accountability, transparency, oversight, and the management of data, risk, and relationships." (Kevin J Sweeney, "Re-Imagining Data Governance", 2018)

"The system by which companies are directed and controlled." (Robert M Grant, "Contemporary Strategy Analysis" 10th Ed., 2018)

"The systems and controls in place to protect the rights of corporate stakeholders." (Donald DePamphilis, "Mergers, Acquisitions, and Other Restructuring Activities" 10th Ed., 2019)

"The tangible and intangible way firms behave and relate with stakeholders. Many nations have codified the behavior and accountability expected of directors to provide equitable treatment all stakeholders." (Sue Milton, "Data Privacy vs. Data Security", 2021)

"The system by which enterprises are directed and controlled. The board of directors is responsible for the governance of their enterprise. It consists of the leadership and organizational structures and processes that ensure the enterprise sustains and extends strategies and objectives." (ISACA)

Strategic Management: Recovery Time Objective (RTO)

"Following a disaster, the amount of time that a system may be offline before it must be up and running." (Tom Petrocelli, "Data Protection and Information Lifecycle Management", 2005)

"The period of time within which systems, applications, or functions must be recovered after an outage (e.g., one business day). RTOs are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation." (Disaster Recovery Journal & DRI, 2007)

"This is a measure indicating how quickly after an outage IT infrastructure needs to be recovered to continue operations. The smaller the number, the quicker the solution must be able to be recovered." (Martin Oberhofer et al, "The Art of Enterprise Information Architecture", 2010)

"The intent to recover lost applications, within specific time limitations, to assure a certain level of operational continuity. Expresses the amount of time a business will tolerate the computing system (hardware, software, services) to be offline." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"An expression of the amount of time a business will tolerate the computing system (hardware, software, DBMS, services) to be offline." (Craig S Mullins, "Database Administration", 2012)

"in disaster recovery planning, the expected amount of time between the disaster, and when services are restored." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"In disaster recovery planning, the total time one can allow for their systems to be offline." (IBM, "Informix Servers 12.1", 2014)

"The earliest time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"The target time set for resumption of product, service, or activity delivery after an incident. It is the maximum allowable downtime that can occur without severely impacting the recovery of operations or the time in which systems, applications, or business functions must be recovered after an outage (for example, the point in time at which a process can no longer be inoperable)." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

♜Strategic Management: Critical Success Factor [CSF] (Definitions)

"A brief listing of what should be monitored closely on an ongoing basis to ensure that the project is proceeding adequately. Also known as the project vital signs or metrics." (Timothy J  Kloppenborg et al, "Project Leadership", 2003)

"Those things which must go right for the organization to achieve its mission." (Tilak Mitra et al, "SOA Governance", 2008)

[success criteria:] "According to cybernetic theory, in a feedback loop the set point that determines the extent to which a system process meets its process objective. This must be expressed in terms of either a 'Minimum value' or a 'Maximum value' of an attribute." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"An element that is necessary for an organization or project to achieve its mission." (Janice M Roehl-Anderson, "IT Best Practices for Financial Managers", 2010)

[success criteria:] "A measurable result the project has to deliver in order for the customer to say the project is a success." (Bonnie Biafore, "Successful Project Management: Applying Best Practices and Real-World Techniques with Microsoft® Project", 2011)

"Activities that your business undertakes with the aim of meeting strategic long-term goals. CSFs are measured with performance indicators." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

"One of the few most important prerequisite conditions necessary for an enterprise to reach its goals." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"The most essential factors that must go right or be closely tracked in order to ensure an organization's survival and success." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

[success criteria:] "Specific and unequivocal statements that indicate how the project manager or project sponsor will know that a project achieved its goal, often reflecting strategic business goals." (Bonnie Biafore & Teresa Stover, "Your Project Management Coach: Best Practices for Managing Projects in the Real World", 2012)

"The requirements for strategic success in a particular industry at a particular point in time." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

"Sources of competitive advantage within an industry." (Robert M Grant, "Contemporary Strategy Analysis"10th Ed., 2018)

"The key things that the organization must do extremely well to overcome today’s problems and the roadblocks to meeting the Mission and Vision Statements." (H James Harrington & William S Ruggles, "Project Management for Performance Improvement Teams", 2018)

"An element necessary for an organization or project to achieve its mission. Critical success factors are the critical factors or activities required for ensuring the success." (ISTQB)

"something that must happen if a process, project, plan or service is to succeed" (ITIL)