
Chapter 4: Information Systems Management (2024 Detailed Explanatory Version)


Contents
  • 4.1 Management approach
    • 4.1.1 Management foundations
      • 4.1.1.1 Hierarchy of information systems
      • 4.1.1.2 System administration
        • 4.1.1.2.1 Planning and organization
          • 4.1.1.2.1.1 Information systems strategic triangle
            • Information Systems Strategy Triangle ----- Business Strategy
            • Information Systems Strategy Triangle ----- Organizational Mechanisms Strategy
            • Information Systems Strategy Triangle ----- Information Systems Strategy (details need not be memorized)
    • 4.1.2 Design and implementation
      • 4.1.2.1 Design methodology
        • 4.1.2.1.1 Two conversions
        • 4.1.2.1.2 Conversion frameworks
      • 4.1.2.2 Architecture Patterns (should be mastered)
    • 4.1.3 Operation and maintenance services (more important)
      • 4.1.3.1 Overview of information system operation and maintenance services
        • 4.1.3.1.1 Operational management and control
        • 4.1.3.1.2 IT service management
        • 4.1.3.1.3 Operation and monitoring
        • 4.1.3.1.4 Terminal-side management (providing a PC or account for users to manage)
        • 4.1.3.1.5 Program library management
        • 4.1.3.1.6 Security management
        • 4.1.3.1.7 Media control
        • 4.1.3.1.8 Data management
    • 4.1.4 Optimization and continuous improvement
      • 4.1.4.1 Concepts of optimization and continuous improvement
      • 4.1.4.2 DMAIC/DMADV (can be read as Dematic)
        • 4.1.4.2.1 Definition phase
        • 4.1.4.2.2 Metrics phase
        • 4.1.4.2.3 Analysis phase
        • 4.1.4.2.4 Improvement/design phase
        • 4.1.4.2.5 Control/validation phase
  • 4.2 Management points
    • 4.2.1 Data management (emphasis)
      • 4.2.1.1 Concept of data management
      • 4.2.1.2 DCMM (domestically proposed)
        • 4.2.1.2.1 8 core competency domains and 28 process domains (memorize at least eight competency domains (those in blue))
          • Data strategy
          • data governance
          • data architecture
          • data application
          • data security
          • Data quality
          • data standard
          • Data life cycle
      • 4.2.1.3 Theoretical Framework and Maturity Levels
      • 4.2.1.3.1 Data management capability maturity model (exam point)
      • 4.2.1.3.2 DGI Data Governance Framework (3+10 : 3 dimensions plus 10 components)
      • 4.2.1.3.3 Data Management Capability Assessment Model DCAM (understanding)
      • 4.2.1.3.4 DAMA data management model
    • 4.2.2 Operations and maintenance management
      • 4.2.2.1 IT O&M capability modeling
        • capacity building
          • People capacity (selection: who does what for what position)
          • Resource capacity (safeguarding things)
          • Technical skills (doing things efficiently: important)
          • Process competencies (doing things right: integrating the other three competencies, how to do things right, order of doing things right)
      • 4.2.2.2 Intelligent Operation and Maintenance
        • 4.2.2.2.1 Elements of competence (explanation of the seven elements)
        • 4.2.2.2.2 Capability platforms (capability domains)
        • 4.2.2.2.3 Application of capabilities (scenario realization)
        • 4.2.2.2.4 Intelligent features
    • 4.2.3 Information security management
      • 4.2.3.1 The Three Elements of CIA
      • 4.2.3.2 Information security management system
      • 4.2.3.3 Network security level protection (formerly called information security level protection)
        • Security Protection Level Classification: GB/T 22240 "Information Security Technology Network Security Level Protection Classification Guideline"
        • Security Protection Capability Classification: GB/T 22239 "Information Security Technology Network Security Level Protection Basic Requirements"
  • 4.3 Word summaries
  • Appendix

4.1 Management approach

  • Governance is at a higher level and is about management, and information systems management is directly related to the management of all aspects of information systems.

4.1.1 Management foundations

  • What is involved in information management in general.

4.1.1.1 Hierarchy of information systems

  • An information system is a system that carries out the acquisition, processing, storage, management and retrieval of information, forming a system for the flow and processing of information in the organization that can provide useful information to the people concerned when necessary.

4.1.1.2 System administration

  • Information systems management covers four main areas (area: description).
    • Planning and organization: Overall organization, strategy and support activities for information systems.
    • Design and implementation: The definition, procurement and implementation of information systems solutions, and their integration with business processes.
    • Operation and maintenance services: Operational delivery and support for information systems services, including security.
    • Optimization and continuous improvement: Performance monitoring of information systems, and management of their consistency with internal performance goals, internal control objectives and external requirements.

4.1.1.2.1 Planning and organization

4.1.1.2.1.1 Information systems strategic triangle
  • A strategy is a set of coordinated actions to achieve goals, intentions and objectives. The information systems strategy triangle highlights the necessary consistency between business strategy, information systems and organizational mechanisms; the three need to be synergized when planning operations. (The three aspects interact with each other.)

Information Systems Strategy Triangle ----- Business Strategy
  • Business strategy articulates the business objectives that the organization seeks to achieve and the path it expects to take to reach them. Management builds a strategic business plan based on economic and social conditions, the needs of the people it serves and the capabilities of the organization.

  • Differentiation strategy: Offering a product that is different from other products in the industry, summarized as special.
  • Total Cost of Ownership (TCO) strategy: It is cheaper than other products. For example, Taobao and Pinduoduo have adopted this strategy.
  • Focus strategy: Doing one thing best. Example: Haidilao
Information Systems Strategy Triangle ----- Organizational Mechanisms Strategy
  • Organizational mechanism strategy includes the design of the organization and the choices made to define, set up, coordinate and control its work processes. It essentially requires answering the question "how will the organization be structured to achieve its objectives and implement its business strategy" and forming an effective plan around this question. (Four areas interact with each other when designing an organization.)

  • Know the three types of variable titles:
    • Organizational variables: slightly higher rights.
    • Control variables: Factors involved in the operation of the organization.
    • Cultural variables: Corporate culture also influences the business strategy of an organization.
Information Systems Strategy Triangle ----- Information Systems Strategy (details need not be memorized)
  • An information systems strategy is a plan used by an organization to provide information services. Information systems help to define the organization's capabilities ... (Dare to systematically plan at a high level to help realize the business strategy.)

  • Matrix (a matrix is a table): The purpose of the framework is to provide managers with a view of the relationships between information system components and strategies. The relationships between the four infrastructure components of the overall information system and other resource-related matters constitute the key points of the information system strategy.

4.1.2 Design and implementation

4.1.2.1 Design methodology

  • Information systems design and implementation requires first translating business strategy into an information systems architecture, and then translating that architecture into an information systems design... (Design methodology can be viewed as a specific approach to developing or planning an information system.)

  • Business strategy is decomposed into small goals, small goals are decomposed into business requirements, and after decomposition, the whole business strategy can be transformed into system architecture.
  • Detailed functional specifications are collected for each functional requirement, supported by hardware specifications, software specifications, data protocols, interface specifications, etc. These are used as the details of the design and carry the transition from information system architecture to system design. (This summarizes the two conversions and the content of the conversion framework.)

4.1.2.1.1 Two conversions

    1. From strategy to system architecture
    • Organizations must start with a business strategy and use that strategy to develop more specific objectives. Detailed business requirements are then derived from each objective.
    • Organizations need to work with architecture designers to translate business requirements into a more detailed view of the system requirements, standards and processes that make up the information systems architecture (i.e., information systems architecture requirements).
    • The governance arrangements required for the smooth development, implementation and use of information systems should be ensured. Governance arrangements designate which person in the organization retains control of and responsibility for information systems.
    2. From system architecture to system design
    • When converting an information systems architecture into a system design, the information systems architecture is converted into functional specifications. More details need to be added, including the actual hardware, data, network and software. This extends to the location of data and access processes, location of firewalls, link specifications, declarative design, etc.
    • Information systems have multiple levels:
      • ① Global level: focuses on the entire organization and constitutes the information environment for the entire organization.
      • ② Inter-organizational level: to provide a basis for communication across organizational boundaries to service recipients, suppliers or other stakeholders.
      • ③ Application level: the database and program components that are the focus when considering a particular business application, as well as the equipment and operating environment in which they run.

4.1.2.1.2 Conversion frameworks

  • The transformation framework, which translates business strategy into information systems architecture and then into information systems design, poses three types of questions: what, who and where.
    • "Content": what the components are, identifying specific types of technology, etc.
    • "People": who the individuals, groups and sectors involved in the related components are.
    • "Location": determine the respective location of all content.
    • The conversion of the following diagram is not important

4.1.2.2 Architecture Patterns (should be mastered)

  • There are three common models of information systems architecture.

  • Centralized Architecture: Previously used; high security, good scalability, centralized functionality.
  • Distributed Architecture: Currently the most popular architecture among enterprises and for cloud service applications. It consists of a number of physical devices connected over a network, and servers can be distributed across many places. When the business is not centralized, a distributed architecture can be used.
  • Service Oriented Architecture (SOA): A specialized distributed architecture. Each small business unit is split out as a service, and the service exposes an external interface over the intranet or the Internet; to use a given function, you call the corresponding API. Larger services are built from these small services. (Any way of providing external interfaces can be seen as the SOA model, such as a mini-program interface, a WeChat official account interface, an SMS interface or a mailbox interface.)

When considering centralized versus distributed architectural decisions, it is important to be aware of the trade-offs.

4.1.3 Operation and maintenance services (more important)

4.1.3.1 Overview of information system operation and maintenance services

  • Information systems operation and maintenance services are planned in an integrated way from the perspective of information systems operations, and include the day-to-day control of information systems, applications and infrastructure to effectively support organizational goals and processes.

  • Operations and maintenance services for information systems include:

    • Operations management and control
    • IT service management
    • Operation and monitoring
    • Terminal-side management
    • Program library management
    • Security management
    • Media control
    • Data management

4.1.3.1.1 Operational management and control

  • All activities occurring in the IT team should be managed and controlled. Processes and projects should have adequate record keeping so that management can understand the status of these activities. Management is ultimately responsible for all activities occurring in the information systems operations team.
  • The main activities of management control of operations include:
    • Process development: Repetitive activities performed by operators should be documented in the form of processes. Documentation describing each process and each of its steps needs to be developed, reviewed and approved, and made available to operators.
    • Standardization: Adopting standardized definitions and constraints, from the way in which tasks are performed to the technologies used, to effectively promote consistency in the work associated with the operation of information systems.
    • Resource allocation: Management allocates capabilities, including human, technical and other resources, to support the operation of information systems. Resource allocation should be consistent with the mission, goals and objectives of the organization.
    • Process management: All processes related to the operation of the information system shall be measured and managed to ensure that they are executed correctly and accurately within the time and budget targets.

4.1.3.1.2 IT service management

  • IT service management is a group of activities, carried out through proactive management and continuous process improvement, that ensure effective and efficient delivery of IT services.
  • (1) Service desk (help desk): The service desk is an important part of the organization's IT service and an important window through which service stakeholders perceive that service. It is the main interface for communication and interaction with service stakeholders and is responsible for responding to and dealing with problems and demands. It is the "management" interface and information dissemination point for IT service stakeholders, and the link and coordinator of collaboration between the various teams within the organization. The service desk is crucial to the management of IT service quality and service stakeholder experience, and is a strategic unit for the continuous improvement of the organization's IT service capability. (The help desk is not an activity; it is the interface between the business and service sectors.)
  • (2) Incident management: An incident is an unplanned outage or degradation of service quality experienced by an IT service, or a failure of a configuration item that has not yet affected the service. Incidents can be service interruptions, service slowdowns, software defects, or the failure of any component. (Also known as fault management; e.g., a network outage or a faulty fax machine is an incident that is reported to the help desk.)
  • (3) Problem management: Problem management activities are initiated when several incidents occur that appear to have the same or similar root causes. The overall goal of problem management is to reduce the number and severity of incidents. This control of incidents involves both reactive measures after an incident occurs and proactive measures to prevent the occurrence of capacity-related events. (Frequent incidents are the problem, and a lot of effort needs to be put into solving common incidents.)
  • (4) Change management: A change is an action that results in a change in the state of one or more information system configuration items. Change management ensures that all changes executed in the IT environment are controlled and consistently implemented. (Change management is concerned with the change process: for any configuration change, the impact on the overall IT system must be considered, and the change can be made only after it is approved.)
  • (5) Configuration management: A series of activities to manage, by technical or administrative means, information about an information system, including not only information about specific configuration items of the information system, but also the interrelationships between those configuration items. (Configuration management focuses on the state of the configuration item, while modification of a configuration item needs to go through the change management process.)

----------------------------------------- The first five are service support processes --------------------------------------------------------------

  • (6) Release Management: Responsible for planning and implementing changes to information systems and documenting all aspects of that change. Releases are defined by the change requests they implement, and releases generally consist of many problem fixes and IT service quality improvements. (Focus on the final external product, e.g., operational versioning.)
  • (7) Service level management: A management process that defines, documents and manages levels of IT services and agrees them with stakeholders at an acceptable cost. It works through Service Level Agreements (SLAs) and a continuous cycle of service performance monitoring and reporting, continuous maintenance and improvement of service quality, and triggering of actions to eliminate poor service, thus meeting the service needs of stakeholders. (How much service you need, and how much it costs. For example: how much bandwidth you need, and how much it costs.)
  • (8) Financial management: A process responsible for the financial management of all resources involved in the operation of IT services, with key activities including budgeting, equipment investment, expense management, project accounting, and project return on investment (ROI) management. Financial management considers the financial value of IT services in support of organizational goals.
  • (9) Capacity management: Used to confirm that there is sufficient capacity in the information system to meet service requirements. An information system has sufficient capacity if its performance is within acceptable limits. Capacity management does not only focus on current needs, but must also consider future needs. (How much service capacity is available to meet the service requirements of the counterparty.)
  • (10) Service continuity management: A set of activities related to the organization's ability to deliver services on a sustained basis, primarily activities that continue to maintain the effectiveness of a service in the event of a natural or man-made disaster. It is divided into five processes: governance of service continuity management, business impact analysis, development and maintenance of service continuity plans, testing of service continuity plans, and response and recovery. (Leave sufficient human or financial resources to respond to the disaster.)
  • (11) Availability management: A service management process concerned with designing, implementing, monitoring, evaluating and reporting on the availability of IT services to ensure that the availability needs of service stakeholders are consistently met. (Designing or arranging the system in advance to achieve availability, so that the system can provide the full service throughout its opening hours.)
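The link between incident, problem and configuration management described in items (2), (3) and (5) can be sketched in code. This is an added example, not part of the original notes: the configuration items, dependency map, incident records, threshold and time window are all constructed assumptions. It rolls each incident up to every configuration item the affected service depends on, and proposes a problem record when enough incidents touch the same item within one window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed configuration-management data: each configuration item (CI)
# maps to the CIs it depends on (the "interrelationships" between CIs).
DEPENDS_ON = {
    "web-portal": ["app-server-1"],
    "hr-app": ["app-server-1"],
    "app-server-1": ["db-cluster"],
    "mail-gateway": ["core-switch"],
    "db-cluster": [],
    "core-switch": [],
}

# Constructed incident records as a service desk might log them:
# (incident id, affected CI, time reported).
INCIDENTS = [
    ("INC-001", "web-portal", "2024-10-01T09:05"),
    ("INC-002", "hr-app", "2024-10-01T09:20"),
    ("INC-003", "mail-gateway", "2024-10-02T14:00"),
    ("INC-004", "web-portal", "2024-10-03T10:10"),
    ("INC-005", "hr-app", "2024-10-20T08:00"),
]


def upstream(ci, graph):
    """Return ci plus every CI it depends on, directly or transitively."""
    seen, stack = set(), [ci]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(graph.get(node, []))
    return seen


def problem_candidates(incidents, graph, threshold=3, window=timedelta(days=7)):
    """Map each CI to the incident ids that justify opening a problem record.

    A CI qualifies when at least `threshold` incidents that touch it (directly
    or through a dependent service) were reported within one `window`.
    """
    by_ci = defaultdict(list)
    for inc_id, ci, reported in incidents:
        when = datetime.fromisoformat(reported)
        for node in upstream(ci, graph):
            by_ci[node].append((when, inc_id))

    candidates = {}
    for ci, hits in by_ci.items():
        hits.sort()
        start, best = 0, []
        # Sliding window over the time-ordered incidents for this CI.
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = hits[start:end + 1]
        if len(best) >= threshold:
            candidates[ci] = [inc_id for _, inc_id in best]
    return candidates


if __name__ == "__main__":
    for ci, ids in sorted(problem_candidates(INCIDENTS, DEPENDS_ON).items()):
        print(f"open problem record for {ci}: {', '.join(ids)}")
```

No single service reaches the threshold on its own here; the shared application server and database only surface because the dependency data is used, and both remain candidates for the analyst to investigate.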

4.1.3.1.3 Operation and monitoring

  • Effective IT operations require IT staff to understand and properly perform tasks in accordance with established processes and procedures.
  • The tasks of IT operations often include:
    • ① Execute operations according to the plan
    • ② Monitor jobs and allocate resources to jobs according to priority.
    • ③ Restart failed jobs and processes
    • ④ Optimize backup operations by loading or changing backup media, or by ensuring that the target's storage system is ready
    • ⑤ Monitor the availability of information systems, applications and networks to ensure adequate performance of these systems.
    • ⑥ Carry out maintenance activities during idle periods, such as equipment cleaning and system rebooting.

Exceptions and errors that occur in the IT operating environment are usually handled in accordance with the incident management and problem management processes of the IT service management system.

  • 1) Operation Monitoring

    • The IT team monitors information systems, applications and infrastructure (what content is monitored?) to ensure that they continue to operate as required. The IT team should log any incidents of unexpected or unusual activity and manage the incidents according to process.
    • Types of errors detected and reported include: system errors, program errors, communication errors and operator errors.
  • 2) Security monitoring (covering firewalls, intrusion detection mechanisms, etc.)

    • Organizations need to implement different types of security monitoring and use security monitoring as part of their overall strategy to prevent and respond to security incidents.
    • The types of monitoring that an organization may perform include: exceptions to firewall policy rules, intrusion prevention system alerts, data loss prevention system alerts, cloud access security broker alerts, user access management system alerts, network anomaly alerts, web content filtering system alerts, endpoint management system alerts (including anti-malware), security announcements issued by vendors, third-party security announcements, threat intelligence advisories, access control system alerts, and video surveillance system alerts.

4.1.3.1.4 Terminal-side management (providing a PC or account for users to manage)

  • A key aspect of the IT team's function is the service provided to the organization's people to improve their access to and use of IT.
  • A "locked" end-user computer limits the number and type of configuration changes that end users can perform. These limits not only help to ensure greater security for end users' devices and the entire organization's IT environment, but also promote greater consistency, which reduces support costs. (Each computer has to be equipped with monitoring software called Lockdown. The system cannot be upgraded at will. Limits user flexibility. Involves security and uniform consistency management.)

Organizations often use IT management tools to facilitate efficient and consistent management of user terminals.

4.1.3.1.5 Program library management

  • Program libraries are the tools organizations use to store and manage application source code and object code. (To be managed in a configuration management repository.)

  • The control of program libraries allows organizations to have a high degree of control over the integrity, quality and security of their applications. Program libraries often exist as information systems with user interfaces and multiple functions.

  • The main features of the program library include:

    • Access control
    • Initial recognition of a program
    • Program check-in
    • Version control
    • Code analysis

Application source code is very sensitive data. It may be considered intellectual property and may contain algorithms, encryption keys and other sensitive information, so it should be managed through the organization's security policy and data classification policy and should be accessed by the fewest number of people possible.

4.1.3.1.6 Security management

  • Information security management ensures that an organization's information security program adequately identifies and addresses risks and functions properly throughout operations and services.

4.1.3.1.7 Media control

  • Organizations need to undertake a range of activities to ensure that digital media are managed appropriately, that required data is protected, and that data that is no longer required is discarded and erased.
  • Media purged should not be otherwise recoverable. Strategies and procedures for media cleanup need to be included in the relevant requirements of the service provider, as well as documented retention activities to track the destruction of media over time.

Media of concern include: backup media, virtual tape libraries, optical media, hard disk drives, solid state drives, flash memory, hard copies, etc.

4.1.3.1.8 Data management

  • Data management is the set of activities associated with the acquisition, processing, storage, use and disposal of data.... (Management elements are the focus...)

4.1.4 Optimization and continuous improvement

4.1.4.1 Concepts of optimization and continuous improvement

  • (Importance :) Optimization and continuous improvement is a part of information system management activities. Good optimization and continuous improvement management activities can effectively guarantee the performance and availability of the information system, etc., and prolong the effective life cycle of the overall system. (Continuous improvement, a little bit at a time, next time do a PDCA.)

4.1.4.2 DMAIC/DMADV (can be read as Dematic)

  • Six Sigma advocates a five-phase methodology, DMAIC, that includes:
    • Define: (Define the goal of the improvement and which aspect of the system is to be improved.)
    • Measure: (Understand the current state of the system and present it.)
    • Analyze: (Why is the current system so redundant? Analyze to see which node details can be removed to make the whole system smoother and simpler.)
    • Improve / Design: (Genuine implementation of optimization and improvement.)
    • Control / Verify: (Whether, after improvement, the objectives defined at the outset have been achieved, and what lessons have been learned.)

When "improve" is replaced by "design" in phase 4 and "control" is replaced by "validate" in phase 5, the five-phase approach changes from DMAIC to DMADV.

4.1.4.2.1 Definition phase

  • The objectives of the definition phase include the definition of the information system to be optimized, the definition of the core processes and the formation of the team.
  • (1) Definition of information systems to be optimized. This activity is concerned with defining the scope of the synergy, optimization goals and objectives, system team members and contributors, and optimization timelines and deliverables. The scope of the information system to be optimized is related to key business practices and service object interactions, and the definition requires an understanding of the business related to the information system. The "stretch goal" concept can be used to define information systems, to help move beyond incremental improvements and rethink information systems-related business, operations or processes to a point where significant improvements can be realized.
  • (2) Core process definition. This activity is concerned with defining stakeholders, inputs and outputs, and a wide range of functions. SIPOC (Supplier, Input, Process, Output, Customer) analysis is the tool of choice for defining the core process view. Any organization is a system of five interrelated and interacting parts: Supplier, Input, Process, Output, and Customer.
  • (3) Team formation. This activity focuses on identifying people from key stakeholder groups to form high-capacity teams that reach consensus on information systems issues and benefits. Reliable team members are selected from key stakeholder groups to represent their function or area in optimization and continuous improvement. Teams are usually limited to 5 to 7 participants; larger teams are more difficult to manage and members may lose responsibility for the team. Other team members may be ad hoc members from non-critical stakeholder groups, participating only as needed.

4.1.4.2.2 Metrics phase

  • Metrics phase objectives include process definition, metrics definition, process baseline, and metrics system analysis.
    • (1) Process definition. A flowcharting tool is typically used to define the flow of the metric phase, graphically representing the inputs, operations and outputs of a given information system. Flowcharts should be as simple as possible. When a flowchart shows too many decision points, an overly complex process may emerge and errors may occur. Therefore, decision points are a potential focus for improvement in the optimization of the information system.
    • (2) Definition of indicators. The definition of the information system to be optimized includes the indicators that will be used to evaluate the process. It is important to select metrics that will result in tangible improvements in system quality, business performance and client satisfaction. Metrics are used to identify the factors affecting the information system and their relative importance, and allow comparison of the overall contribution of different components of the information system to the business.
    • (3) Process baseline. It is important to determine the capabilities of the existing system through a baseline, to determine the extent to which the current system meets the requirements of the population served, and to validate the achievement of the information system objectives established in the definition phase.
    • ( 4 ) Metrics system analysis. Quality begins with metrics. Only when quality is quantified can we start talking about optimization and continuous improvement. Metrics are numerical values assigned to observed phenomena according to certain rules.
      • A good metric system has the following properties:
        • Accurate: should produce a value that is "close" to the actual property being measured.
        • Repeatable: If the measurement system is repeatedly applied to the same object, the resulting measurement values should be close to each other.
        • Linearity: The measurement system should be capable of producing accurate and consistent results over the entire range of interest.
        • Reproducible: the measurement system should produce the same results when used by any properly trained individual.
        • Stability: When applied to the same items, the measurement system should produce the same results in the future as in the past.

4.1.4.2.3 Analysis phase

  • The three objectives of the analysis phase are as follows:
    • (1) Value stream analysis. Value stream analysis begins by defining the value of the product or service in question in the eyes of the user of the information system. Value can also be defined as:

    • ① System components in which the organization is willing to invest;

    • ② Activities that change the form, suitability, or function of an information system;

    • ③ Activities that convert business inputs into outputs through information systems.

    • ( 2 ) Source analysis of information system anomalies. The sources of information system anomalies identified in the metrics phase provide evidence of whether the information system is stable (i.e., under control) or unstable (i.e., out of control). For stable information systems, the common causes of variation built into the system can only be reduced by making fundamental changes to the system. When the system is out of control, the particular causes of the unstable situation over a specific time period must be addressed and eliminated to regain a stable process that can then be improved.

    • ( 3 ) Identify drivers for optimization improvements. The drivers of optimization improvement are the factors that have the greatest impact on the optimization of information systems. Information systems improvement entails either reducing anomalies in their systems or components or moving the median line of system measurement to a more favorable setting. In either case, focusing on the key drivers of optimization and improvement will contribute to the optimization and continuous improvement of information systems.
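
The stable/unstable distinction in objective (2) is usually made with a control chart. The following is an added example, not part of the original notes: it builds an individuals (XmR) chart from a baseline and flags special-cause signals, using one point beyond the 3-sigma limits and a run of 8 points on one side of the center line (a Western Electric style run rule). The response-time figures, variable names and the run length of 8 are assumptions chosen for illustration.

```python
from statistics import mean

# Standard XmR constant: average moving range (n=2) / 1.128 estimates sigma.
D2 = 1.128

# Constructed sample data: daily p95 response time (ms) of an information system.
BASELINE_MS = [212, 205, 218, 209, 214, 207, 211, 216, 208, 213]
STEADY_WEEK = [210, 215, 206, 219, 212, 209]
SPIKE_WEEK = [210, 215, 206, 248, 212, 209]
SHIFTED = [215, 216, 214, 217, 213, 218, 215, 216]


def xmr_limits(baseline):
    """Return (center, lower limit, upper limit) from baseline measurements."""
    if len(baseline) < 2:
        raise ValueError("need at least two baseline points")
    moving_ranges = [abs(b - a) for a, b in zip(baseline, baseline[1:])]
    center = mean(baseline)
    sigma = mean(moving_ranges) / D2
    return center, center - 3 * sigma, center + 3 * sigma


def special_causes(values, center, lcl, ucl, run_length=8):
    """Return (index, value, rule) tuples for special-cause signals."""
    signals = []
    run_side, run_count = 0, 0
    for i, v in enumerate(values):
        # Rule 1: a single point outside the control limits.
        if v > ucl or v < lcl:
            signals.append((i, v, "beyond 3-sigma limit"))
        # Rule 2: a sustained run on one side of the center line,
        # which indicates the process level itself has moved.
        side = (v > center) - (v < center)
        if side != 0 and side == run_side:
            run_count += 1
        else:
            run_side, run_count = side, (1 if side else 0)
        if run_count == run_length:
            signals.append(
                (i, v, f"{run_length} consecutive points on one side of center")
            )
    return signals


def classify(values, center, lcl, ucl):
    """'stable' means only common-cause variation was observed."""
    return "unstable" if special_causes(values, center, lcl, ucl) else "stable"


if __name__ == "__main__":
    center, lcl, ucl = xmr_limits(BASELINE_MS)
    print(f"center={center:.1f} LCL={lcl:.1f} UCL={ucl:.1f}")
    for name, series in [("steady", STEADY_WEEK), ("spike", SPIKE_WEEK),
                         ("shifted", SHIFTED)]:
        print(name, classify(series, center, lcl, ucl),
              special_causes(series, center, lcl, ucl))
```

A stable verdict means only a fundamental change to the system will reduce the remaining variation; an unstable verdict points to a specific period whose cause has to be found and removed first.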

4.1.4.2.4 Improvement/design phase

  • The objectives of the improvement/design phase are as follows:

  • ( 1 ) Improved/designed solution advancement. The Improvement/Design Phase solution is deployed to close the gap between the current state of the information system and the desired state. This phase defines the plans associated with improvements and cost reductions. It is often the make-or-break point and requires the team to consider previously unconsidered factors and become a true agent of change. Management support at this point is critical.

  • ( 2 ) Define new operating/design conditions. The core processes introduced in the definition phase can be used to develop new processes, and other designs of experiments can be conducted to determine the optimal operating conditions required to maximize or minimize the response of a new information system, or of new functionality and design in a new system.

  • ( 3 ) Define and mitigate failure modes. After establishing an optimization and continuous improvement process for an information system, its failure modes can be assessed. Understanding the failure modes of an information system allows an organization to define mitigation strategies for different failures to minimize the impact or occurrence of failures. In cases where failures cannot be prevented, a strategy can be developed to minimize the occurrence of failures and control the damage.

4.1.4.2.5 Control/validation phase

  • The objectives of the control/validation phase are as follows:
    • ( 1 ) Operational control elements for standardized new procedures/functionality of new systems. When information systems are improved, organizations need better control systems to maintain the ability to make further improvements. Managers must standardize the new methods and system operations that result from improvements in order to maintain the benefits of the improvements. Standardized operational level controls are the way to maintain optimized improvements in information systems. Training in operational control of new or optimized systems is key to maintaining deployed improvements.

    • ( 2 ) Continuous validation of optimized information systems deliverables. The organization should train affected personnel with information on changed system components, trends in the state of the information system, and so on. These personnel should understand not only how the information system has changed, but also why it has changed and how further improvement may be found in the future.

    • ( 3 ) Documentation of lessons learned. As the project team completes its activities, it is important to finalize and maintain project documentation. One key aspect is documenting lessons learned, such as what might have been done for faster or better results. Are the lessons useful to other teams in the organization? Another important role of such team summaries is recognition of their efforts.

4.2 Management points

4.2.1 Data management (emphasis)

  • Managing data, operations and security.

4.2.1.1 Concept of data management

  • Data management is the function of acquiring, controlling, protecting, delivering, and enhancing the value of data and information assets by planning, controlling, and delivering data and information assets, including developing, implementing, and overseeing plans, strategies, programs, projects, processes, methodologies, and procedures related to data.

  • A data management framework is a functional model for the unified tracking, coordination, and management of data generated by an organization's management platforms or platforms capable of generating business data.

Data resource management is dedicated to developing appropriate constructs, strategies, practices, and procedures for handling the full life cycle of organizational data.

4.2.1.2 DCMM (domestically proposed)

  • The Data Management Capability Maturity Assessment Model (DCMM) is the national standard GB/T 36073 "Data Management Capability Maturity Assessment Model". It aims to help organizations use advanced data management concepts and methods to establish and evaluate their own data management capabilities, continuously improve their data management organizations, procedures and systems, and give full play to the value of data in promoting the development of the organization towards informatization, digitization and intelligence.

4.2.1.2.1 8 core competency domains and 28 process domains (memorize at least eight competency domains (those in blue))

  • The DCMM Data Management Capability Maturity Assessment Model defines 8 core capability domains of Data Strategy, Data Governance, Data Architecture, Data Application, Data Security, Data Quality, Data Standards, and Data Survival Cycle, which are subdivided into 28 process domains and 445 capability level criteria.
Data strategy
  • An organization's data strategy capability domains typically include three competency items: data strategy planning, data strategy implementation, and data strategy assessment.

    • (1) Data strategy planning. Data strategy planning is the result of consensus among all organizational stakeholders. It identifies the drivers for data management and applications at both the macro and micro levels, and integrates the needs of data providers and consumers. The main activities and elements of data strategic planning include:
      • Identifying stakeholders: Defining stakeholder needs.

      • Data strategy needs assessment: The organization assesses the current status of business and information technology to understand the business and information technology needs for data.

      • Data strategy development: mainly includes:

        • ① A vision statement that incorporates data management principles, goals, and objectives;
        • ② Planning scope, which includes key business areas, data scope, and data management priorities;
        • ③ The data management model and construction methodology chosen;
        • ④ Key gaps in current data management;
        • ⑤ Management and their responsibilities, and a list of stakeholders;
        • ⑥ A management approach to data management planning;
        • ⑦ Continuous optimization of the road map.
      • Data strategy release: Formal release of the approved data strategy in a document, on a website, by mail, etc.

      • Data Strategy Revision: Regular data strategy revision based on the requirements of business strategy, information technology development and other aspects.

    • (2) Data strategy implementation. Data strategy implementation is the process of gradually realizing the data function framework after the organization completes its data strategy planning. The implementation process is based on the current status of the organization's data management and data application, to determine the gap between the vision and goals; based on the data functional framework to develop milestone data task objectives, and determine the implementation steps. The main activities and work points for data strategy implementation include:
      • Assessment guidelines: Establish criteria for assessing the implementation of data strategic planning and standardize the assessment process and methodology.
      • Status assessment: An analysis of the implementation of the organization's current data strategy and an assessment of how things are working.
      • Assessing the gaps: Analyzing the differences based on the results of the status quo assessment compared to the strategic planning of organizational data.
      • Implementation path: Stakeholders prioritize data function tasks in relation to the organization's shared goals and actual business value.
      • Safeguard plan: Based on the implementation path, the budget required to carry out each activity is established.
      • Mandate implementation: work in accordance with the mandate.
      • Process monitoring: timely monitoring of the implementation process based on the implementation path.
    • (3) Data strategy assessment. Organizations need to establish corresponding business cases and investment models during the data strategy assessment process, track progress throughout the data strategy implementation process, and keep good records for audit and evaluation purposes. The main activities and work points of the data strategy assessment include:
      • Modeling the benefits of tasks: Modeling the benefits of data strategy-related tasks in terms of time, cost, and benefits.
      • Build a business case: create basic use case models, project plans, initial risk assessments, and project descriptions, and be able to define the scope, activities, desired value, and reasonable cost-benefit analysis of tasks (projects) related to data management and data applications.
      • Establishment of investment model: As a fundamental theory for investment analysis of data function projects, the investment model ensures that the required capital is allocated appropriately under the premise of fully considering the costs and benefits, and that the investment model meets the IT needs of different businesses as well as the corresponding content of the data function, and that it is communicated widely to ensure forward-looking support for the business or technology, and meets the relevant regulatory and compliance requirements.
      • Stage evaluation: In the course of the data work, the benefits of the achieved results are regularly evaluated in terms of business value, economic benefits and other dimensions.
Data governance
  • An organization's data governance capability domains typically include three competency items: data governance organization, data system construction, and data governance communication.
    • (1) Data governance organization. The data governance organization covers organizational structure, job setup, team building, data responsibility, etc., and is the basis for all data functions. It is responsible for planning and controlling data management and data applications within the organization and for guiding the implementation of the data functions, so that the organization can effectively achieve its data strategy objectives. Key activities and work elements of the data governance organization include:
      • Establishment of a data governance organization: Establish an organization with clear authority and responsibility for data system support and smooth internal communication to ensure the implementation of the data strategy.
      • Job setup: Establish the positions required for data governance, and clarify the responsibilities, job requirements, etc. of the positions.
      • Team building: Formulate team training and capacity enhancement programs, and regularly conduct staff training through the introduction of internal and external resources to enhance the data governance skills of team members.
      • Data attribution management: Identify the relevant roles of data owners, administrators, etc. and the specific managers to whom the data should be attributed.
      • Establishment of performance evaluation system: According to the division of team personnel's responsibilities and the scope of data they manage, formulate the performance appraisal system for relevant personnel.
    • (2) Data system construction. In order to ensure the standardized operation of data management and data application functions, the organization needs to establish a corresponding system. The data system is usually designed hierarchically, follows a strict release process and is regularly checked and updated. The construction of the data system is the foundation for the orderly development of data management and data application, and the basis for the communication and implementation of data governance. The main activities and work points of data system construction include:
      • Formulation of the data system framework: According to the hierarchy of data functions and the order of authorized decision-making, the data system framework can be divided into three levels, namely strategy, approach, and rules. The framework sets out the specific areas of data management and data application, the objectives within each data function area, the principles of action to be followed, the clear tasks to be accomplished, the modus operandi to be implemented, the general steps to be taken, the specific measures to be taken, and so on.
      • Organize the content of the data system: The data management strategy, together with the data management approach and the data management rules, constitutes the organization's data system, whose basic content includes:
        • ① The data management strategy describes the purpose of data management and data applications and clarifies their organization and scope;
        • ② The data management approach consists of the rules and processes defined for the implementation of activities in the various areas of data management and data applications;
        • ③ The data management rules are the relevant documents established to ensure the implementation of each data management approach.
      • Data system release: The organization internally releases the approved data system through documents, emails and other forms.
      • Data system dissemination: Regular training and dissemination of the data system.
      • Data system implementation: Promote the implementation of the data system in conjunction with the setup of the data governance organization.
    • (3) Data governance communication. The purpose of data governance communication is to ensure that all stakeholders in the organization are kept up-to-date with relevant strategies, standards, processes, roles, responsibilities, and plans, and that data management and application-related training is carried out to equip them with data management-related knowledge and skills. Data Governance Communication aims to establish and enhance cross-departmental and internal departmental data management capabilities, raise awareness of data assets, and build a data culture. The main activities and work points of Data Governance Communication include:
      • Communication path: Identify the stakeholders of data management and application, analyze the demands of each party, and understand the key elements of communication.
      • Communication plan: Establish a regular or occasional communication plan and build consensus among stakeholders.
      • Communication implementation: according to the communication plan to arrange the implementation of specific communication activities, and at the same time to record the communication situation.
      • Issue consultation mechanism: includes such means as bringing in senior management to resolve differences.
      • Establishment of communication channels: Identify the main channels of communication within the organization, e.g. emails, documents, websites, self-publishing media, seminars, etc.
      • Formulation of training and awareness-raising plans: according to the needs of the organization's personnel and business development, formulate relevant training and awareness-raising plans.
      • Conducting training: Relevant training is conducted on a regular basis in accordance with the requirements of the training plan.
Data architecture
  • An organization's data architecture capability domains typically include four competency items: data modeling, data distribution, data integration and sharing, and metadata management.
    • (1) Data model. Data modeling uses a structured language to comprehensively analyze the data requirements collected from the organization's business operations, management and decision-making, and reorganizes those requirements in accordance with the model design specifications. The main activities and work points of data modeling include:
      • Gathering and understanding the organization's data requirements: This includes gathering and analyzing the data requirements of the organization's application systems and the data requirements for achieving the organization's strategy, meeting internal and external regulatory requirements, and interconnecting with external organizations.
      • Develop model specifications: including model management tools, naming conventions, common terminology, and management methods.
      • Develop data models: including developing and designing the organization-level data model and the system application-level data models.
      • Data model application: guide and standardize the construction of system application-level data models based on the development of organizational-level data models.
      • Conformance check: Checks for consistency between the organization-level data model and the system application-level data model.
      • Model Change Management: Maintain the data model in real time according to changes in requirements.
    • (2) Data distribution. The data distribution functional domain takes the data defined in the organization-level data model and clarifies how that data is distributed across systems, organizational units and processes, defines data types, identifies authoritative data sources, and provides reference and specification for data-related work. Sorting out the data distribution relationships makes it possible to define the priority of data-related work, designate the person responsible for data, and further optimize the integration relationships of data. The main activities and work points of data distribution include:
      • Sorting out the current status of data: Sorting out the data in the application system, understanding the role of data and clarifying the data problems that exist.
      • Identify data types: The data in the organization is classified and managed according to its characteristics; the general types include master data, reference data, transaction data, statistical analysis data, document data, metadata, and other types.
      • Data distribution relationship sorting: Based on the definition of the organization-level data model, combined with the results of business process sorting, define the distribution relationship between data and process, data and organization structure, and data and system in the organization.
      • Sorting out authoritative data sources: specify a relatively reasonable, unique information collection and storage system for each type of data.
      • Application of data distribution relationships: Based on the sorting of data distribution relationships, the organization's data-related work is standardized, including defining data work priorities and optimizing data integration.
      • Maintenance and management of data distribution relationships: Regularly maintain and update the data distribution relationships in the organization according to the business processes and system construction in the organization to maintain timeliness.
    • (3) Data integration and sharing. The functional domain of data integration and sharing is to establish an integration and sharing mechanism among application systems and departments within the organization, and to promote the interconnection and interoperability of data within the organization through the management of systems, standards and technologies related to data integration and sharing within the organization. The main activities and work points of data integration and sharing include:
      • Establishment of a data integration and sharing system: indicate the principles, ways and means of data integration and sharing.
      • Formation of data integration and sharing standards: Formulate different data exchange standards based on different ways of data integration and sharing.
      • Establishment of a data integration and sharing environment: Integration of multiple types of data within an organization to form an environment for processing and easy access to complex data.
      • Create checks on how data is integrated in new systems.
    • (4) Metadata management. Metadata management is a collection of processes regarding the creation, storage, integration and control of metadata. The main activities and work points of metadata management include:
      • Metamodel management: Classify and define each type of metamodel containing definitions describing metadata attributes, which can adopt or refer to relevant national standards.
      • Metadata integration and change: Collect metadata based on the metamodel, integrate metadata of different types and from different sources to form a unified view of data description, and update and manage data changes in a timely manner based on a standardized process.
      • Metadata application: Based on data management and data application requirements, various types of metadata managed by the organization are analyzed and applied, such as query, lineage analysis, impact analysis, conformity analysis, quality analysis, and so on.
Data application
  • Data application capability domains typically include three competency items: data analysis, open data sharing, and data service.

    • (1) Data analysis. Data analysis means analyzing internal and external data, or building mining models on it, to provide data-based decision support for the organization's various management activities, together with the operation, evaluation and promotion activities needed to deliver the corresponding results. The ability of data analysis affects the way the organization makes decisions, creates value, and provides value to users. The main activities and work points of data analysis include:
      • Regular report analysis: Uniform organization, processing and presentation of data in a defined format.
      • Multidimensional analysis: analyze the relationships between data measures across classifications to identify mathematical connections between statistical items of a similar nature.
      • Dynamic Early Warning: Real-time monitoring of data based on certain algorithms and models, and early warning based on preset thresholds.
      • Trend forecasting: Based on known information about an object, estimate and measure certain of its future characteristics and development, using a variety of qualitative and quantitative analysis theories and methods to predict the development trend.
    • (2) Data open sharing. Data open sharing refers to the selective opening up of the organization's content data to the outside world in accordance with a unified management strategy, and at the same time introducing external data for the organization's internal use in accordance with the management strategy. Data open sharing is an important prerequisite for realizing cross-organizational and cross-industry flow of data, and it is also the basis for maximizing the value of data. The main activities and work points of data open sharing include:
      • Sorting out open and shared data: Organizations need to conduct a comprehensive sorting out of their open and shared data and establish a clear catalog of open and shared data.
      • Development of external data resource catalog: Unified sorting of external data needed by the organization and establishment of a data catalog to facilitate query and application by internal users.
      • Establishment of a unified strategy for open data sharing: including security, quality, etc.
      • Data provider management: Establishment of external data usage strategies, data provider service specifications, etc.
      • Open Data: Organizations can open their data to the public in various ways and ensure the quality of the open data.
      • Data access: Selection of data providers according to data needs.
    • (3) Data services. Data service is to provide cross-field and cross-industry data services in the form of data analysis results through the unified processing and analysis of internal and external data of the organization, combined with the needs of the public, the industry and the organization. Data service is the most direct means of realizing the value of data assets, and one of the ways to measure the value of data assets, through good data service to internally enhance the effectiveness of the organization, and externally better serve the public and society. The provision of data services may take various forms, including data analysis results, data service calling interfaces, data products or data service platforms, etc. The form of specific services depends on the strategy and development direction of the organization's data. The main activities and work points of data services include:
      • Data service requirement analysis: A data analysis team is needed to analyze external data requirements and propose data service objectives and presentation forms in combination with external requirements to form data service requirement analysis documents.
      • Data service development: The data development team summarizes and processes the data according to the data service demand analysis to form data products.
      • Data Service Deployment: Deploy data products to provide services externally.
      • Data service monitoring: comprehensively monitor and manage data services, analyzing in real time the status, invocation, security and so on of the data services.
      • Data service authorization: authorize users of data services and control the access process.
Data security
  • An organization's data security capability domains typically include three competency items: data security strategy, data security management, and data security audits.
    • (1) Data security strategy. The data security strategy is the core of data security; it needs to be formulated in a unified way that combines organizational management needs, regulatory needs and relevant standards. The main activities and work points of the data security strategy include:

      • Understand the regulatory needs of the country, industry, etc. and conduct data security strategy planning to establish the organization's data security management strategy based on the organization's business needs for data security.
      • Develop data security standards that are appropriate for the organization, determine data security levels and coverage, etc.
      • Define the objectives, principles, management system, management organization, and management process for the organization's data security management.
    • (2) Data security management. Under the guidance of data security standards and strategies, data security management meets the business and regulatory needs for data security, and achieves security management across the data life cycle within the organization, through work such as authorizing data access, classified and graded control, and monitoring data access. The main activities and work points of data security management include:

      • Classification of data security level: According to the organization's data security standards, fully understand the organization's data security management needs, classify the data within the organization and form relevant documents.
      • Data access authority control: Develop a list of stakeholders for data security management and authorize their data access and control authority around stakeholder needs.
      • User Authentication and Access Behavior Monitoring: Authenticate and identify the user's identity during data access, and record and monitor his/her behavior.
      • Protection of data security: Provide measures related to data security protection control to ensure the privacy of data in the application process.
      • Data security risk management: analyze the organization's known or potential data security risks, formulate preventive measures and supervise their implementation.
    • (3) Data security audit. A data security audit is a control activity responsible for regularly analyzing, validating, discussing, and improving policies, standards, and activities related to data security management. The audit can be performed by internal or external auditors of the organization, who should be independent of the data and processes involved in the audit. The goal of a data security audit is to provide assessments and recommendations to the organization as well as to external regulators. The main activities and work points of a data security audit include:

      • Process audits: analyze implementation protocols and actual practices to ensure that data security objectives, strategies, standards, guidelines and expected results are aligned.
      • Normative audit: assesses the adequacy of existing standards and protocols and their consistency with operational and technical requirements.
      • Compliance audit: Retrieve and review the organization's relevant regulatory requirements and verify compliance with them.
      • Vendor audits: review contracts and data-sharing agreements to ensure that vendors are effectively meeting their data security obligations.
      • Audit report issuance: Reporting to senior management, data stewards, and other stakeholders on the state of data security in the organization.
      • Data security recommendations: Recommendations for improvement efforts in the design, operation, and compliance of data security.
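
The data security management activities listed above (classify data by security level, authorize stakeholders' access authority, authenticate users and monitor access behavior) can be combined into one deny-by-default check. The following is an added example, not part of the original notes or of the DCMM standard: the four level names, dataset names, user names and the review threshold are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Assumed four-level scheme; the notes do not name the levels."""
    PUBLIC = 1
    INTERNAL = 2
    CONFIDENTIAL = 3
    RESTRICTED = 4


# Activity 1, classification register: every dataset has a documented level.
CLASSIFICATION = {
    "press_releases": Level.PUBLIC,
    "sales_orders": Level.INTERNAL,
    "customer_pii": Level.CONFIDENTIAL,
    "payroll": Level.RESTRICTED,
}


@dataclass(frozen=True)
class Stakeholder:
    clearance: Level
    grants: dict  # dataset name -> set of permitted actions


# Activity 2, stakeholder list with per-dataset access authority (constructed).
STAKEHOLDERS = {
    "analyst_li": Stakeholder(Level.INTERNAL, {"sales_orders": {"read"}}),
    "hr_wang": Stakeholder(
        Level.RESTRICTED,
        {"payroll": {"read", "write"}, "customer_pii": {"read"}},
    ),
}


@dataclass
class AccessMonitor:
    """Activity 3: decide each request and record it for monitoring and audit."""
    log: list = field(default_factory=list)

    def decide(self, user, authenticated, dataset, action):
        level = CLASSIFICATION.get(dataset)
        holder = STAKEHOLDERS.get(user)
        # Deny by default: every branch except the last one is a refusal.
        if not authenticated:
            reason = "identity not authenticated"
        elif level is None:
            reason = "dataset not classified"
        elif holder is None:
            reason = "user not on stakeholder list"
        elif holder.clearance < level:
            reason = "clearance below data security level"
        elif action not in holder.grants.get(dataset, set()):
            reason = "action not granted for dataset"
        else:
            reason = "granted"
        allowed = reason == "granted"
        self.log.append({"user": user, "dataset": dataset, "action": action,
                         "allowed": allowed, "reason": reason})
        return allowed

    def users_to_review(self, max_denials=2):
        """Users whose denied requests exceed the (assumed) review threshold."""
        denials = Counter(e["user"] for e in self.log if not e["allowed"])
        return sorted(u for u, n in denials.items() if n > max_denials)


# Constructed sample requests: (user, authenticated, dataset, action).
REQUESTS = [
    ("analyst_li", True, "sales_orders", "read"),
    ("analyst_li", True, "sales_orders", "write"),
    ("analyst_li", True, "customer_pii", "read"),
    ("analyst_li", True, "payroll", "read"),
    ("hr_wang", True, "payroll", "write"),
    ("hr_wang", False, "payroll", "read"),
    ("hr_wang", True, "new_upload", "read"),
    ("contractor_x", True, "press_releases", "read"),
]


def replay(requests):
    """Run the requests through a fresh monitor and return it."""
    monitor = AccessMonitor()
    for request in requests:
        monitor.decide(*request)
    return monitor


if __name__ == "__main__":
    m = replay(REQUESTS)
    for entry in m.log:
        print(entry)
    print("review:", m.users_to_review())
```

The same log serves the process audit described in item (3): each entry records the decision and the rule that produced it, so actual practice can be compared with the documented strategy.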

Data quality
  • An organization's data quality capability domains typically include four competency items: data quality requirements, data quality checks, data quality analysis, and data quality improvement.
    • (1) Data quality requirements. Data quality requirements state clear data quality objectives and, according to business needs and data requirements, set out the rules used to measure data quality, including the technical indicators and business indicators used to measure data quality and the corresponding calibration rules and methods. Data quality requirements are the basis for measuring and managing data quality, and need to be formulated and managed uniformly based on the organization's data management specifications, business computing needs and industry regulatory needs and with reference to relevant standards. The data quality requirements include the following activities and work points:
      • Define data quality management objectives: Based on the needs of the organization's management and with reference to external regulatory requirements, define the organization's data quality management objectives.
      • Define data quality evaluation dimensions: Based on the objectives of organizational data quality management, develop organizational data quality assessment dimensions to guide the development of data quality evaluation.
      • Define the scope of data quality management: Based on the needs of the organization's business development and the analysis of common data problems, define the scope of the organization's data quality management, and sort out the priorities and quality requirements of various types of data.
      • Design data quality rules: Based on the organization's data quality management needs and goals, identify data quality characteristics, set quality evaluation indexes, calibration rules and methods for various types of data, and continuously maintain and update the data quality rules according to business development needs and the results of data quality checking and analysis.
    • (2) Data quality check. Data quality checking uses the technical and operational indicators, calibration rules and methods defined in the data quality rules to monitor the organization's data quality in real time, so as to identify data quality problems and provide feedback to data managers. The main activities and work points of data quality checking include:
      • Develop a data quality checking plan: Develop a unified data quality checking plan based on the needs of the organization's data quality management objectives.
      • Data quality situation analysis: according to the plan to analyze the data in the system, to check the distribution of the value range of the data, fill rate, normality, etc., to effectively grasp the actual situation of data quality.
      • Data quality verification: Based on pre-configured rules and algorithms, the data in the system is verified.
      • Data quality issue management: including issue logging, issue querying, issue distribution and issue tracking.
    • (3) Data quality analysis. Data quality analysis is to analyze the data quality problems and related information found in the process of data quality checking, to find out the reasons affecting data quality, and to define the priority of data quality problems as a reference basis for data quality improvement. The main activities and work points of data quality analysis include:
      • Data Quality Analysis Methods and Requirements: Collect and organize common methods of data quality analysis, and define the requirements for data quality analysis.
      • Data quality problem analysis: in-depth analysis of the root causes of data quality problems, providing reference for data quality improvement.
      • Impact analysis of data quality issues: Based on the description of data quality issues and the analysis of the data value chain, assess the impact of data quality on the organization's business, application system operation, etc., and form an impact analysis report of data quality issues.
      • Data quality analysis report: This includes summarizing, sorting, statistics and analysis of various information accumulated in the process of data quality inspection and analysis.
      • Build a data quality knowledge base: Collect various data quality cases, experiences and knowledge to form the organization's data quality knowledge base.
    • (4) Data quality improvement. Data quality enhancement is to formulate and implement data quality improvement plans based on the results of data quality analysis, including correction of erroneous data, optimization of business processes, repair of application system problems, etc., and to formulate a data quality problem prevention plan to ensure that the results of data quality improvement are effectively maintained. The main activities and work points of data quality improvement include:
      • Develop a data quality improvement program: Based on the results of the data quality analysis, develop a data quality improvement program.
      • Data quality correction: The use of means and techniques such as data standardization, data cleansing, data conversion and data integration to process data that do not meet quality requirements and to correct data quality problems.
      • Data Quality Tracking: Record information on the assessment, initial diagnosis, and follow-up of data quality events to validate the effectiveness of data quality improvements.
      • Data quality improvement: business processes are optimized, system problems are corrected, and systems and standards are improved to prevent the recurrence of similar problems in the future.
      • Data quality culture: Through data quality-related training, dissemination and other activities, continuously improve the organization's awareness of data quality and establish a good data quality culture.
data standard
  • An organization's data standards capability domain typically includes four competency items: business terms, reference and master data, data elements, and indicator data.
    • (1) Business terminology. Business terminology is the description of business concepts in an organization, including Chinese names, English names, definitions of terms and other content. Business terminology management means developing a unified management system and process and managing the creation, maintenance and release of business terminology in a unified way, thereby promoting the sharing and application of business terminology within the organization. Business terminology is the basis for the organization's internal understanding and application of data. The management of business terminology can ensure the consistency of understanding of specific technical terms within the organization. Key activities and work elements of business terminology include:
      • Establishment of business terminology standards: Establish business terminology standards and, at the same time, a business terminology management system covering organization, personnel responsibilities, and application principles.
      • Business Terminology Dictionary: A collection of terms that have been defined and approved and published in the organization.
      • Business terminology release: Changes in business terminology are approved in a timely manner and released via email, website, and documents.
      • Application of business terminology: business terminology is cited in the process of data model construction, data requirement description, data standard definition, etc.
      • Business terminology dissemination: introduction and promotion of defined business terms within the organization.
    • (2) Reference data and master data. Reference data and master data are data used to categorize other data. Reference data management is the management of defined data value fields, including standardized terminology, code values and other unique identifiers, the business definition of each value, the control of business relationships within and across different lists of data value fields, and the consistent, shared use of related reference data. Master data is the core business entity data that needs to be shared across systems and departments in an organization. Master data management is the management of master data standards and content to achieve consistent, shared use of master data across systems. The main activities and work points for reference data and master data include:
      • Define coding rules: Define rules for generating unique identifiers for reference and master data.
      • Define the data model: define the components of reference and master data and their meanings.
      • Identify data value ranges: Identify reference and master data value ranges.
      • Management Processes: Create processes related to the management of reference and master data.
      • Establish quality rules: Check the business rules and management requirements related to reference data and master data, and establish quality rules related to reference data and master data.
      • Integration sharing: Integration of reference data, master data and application systems.
    • (3) Data elements. By standardizing the core data elements in an organization, it is possible to provide a consistent understanding of the data by its owners and users. The main activities and work points for data elements include:
      • Establishing classification and naming rules for data elements: Establishing classification rules for data elements based on the organization's business characteristics, and formulating specifications for naming, describing and representing data elements.
      • Establishment of management specifications for data elements: Establishment of processes and positions for the management of data elements, and clarification of the responsibilities of management positions.
      • Creation of Data Elements: Establish a methodology for the creation of data elements and perform the identification and creation of data elements.
      • Establishment of a unified directory of data elements: According to the classification of data elements and business management needs, establish a directory for data element management and classify and store data elements within the organization.
      • Finding and referencing of data elements: provides online tools for finding and referencing data elements.
      • Management of data elements: Provides day-to-day management of data elements and data element catalogs.
      • Data element management report: Regular citation analysis based on data element standards to understand the citation of data elements in each application system and promote the application of data elements.
    • (4) Indicator data. Indicator data is the data an organization uses to measure a certain goal or thing in the course of business analysis, generally consisting of the indicator name, time, value, etc. Indicator data management refers to the organization's unified and standardized definition, collection and application of the indicator data needed for internal business analysis, which is used to improve the data quality of statistical analysis. The main activities and work points of indicator data include:
      • Based on the organization's business management needs, develop a management framework for the classification of indicator data within the organization, ensuring the comprehensiveness of the indicator classification framework and the independence of each classification.
      • Define a standardized format for indicator data, sort out indicator data within the organization, and form a unified indicator dictionary.
      • According to the definition of indicator data, data collection and generation are carried out regularly by relevant departments or application systems.
      • Access authorization to indicator data and data presentation based on user needs.
      • Monitor the data in the process of indicator data collection and application to ensure the accuracy and timeliness of the indicator data.
      • Delineate the focal management department, management responsibilities and management process of the indicator data, and maintain and manage the indicator standards in accordance with the management regulations.
Data life cycle
  • An organization's data life cycle capability domain typically includes four competency items: data requirements, data design and development, data operations and maintenance, and data decommissioning.
    • (1) Data requirements. Data requirements are the organization's description of the classification, meaning, distribution, and flow of data generated and used in business operations, business analysis, and strategic decision-making. The data requirements management process identifies the data needed, prioritizes the data requirements and documents and manages the data requirements in a documented manner. Key activities and work points include:
      • Establishment of a data requirements management system: Define the organization, system and process for managing the organization's data requirements.
      • Collecting Data Requirements: Requirements personnel analyze data application scenarios in various ways and identify data classification, data name, data meaning, data creation, data usage, data presentation, data quality, data security, data retention and other requirements in the data application scenarios, and prepare data requirements documents.
      • Review Data Requirements: Organize a review of the data requirements document, which focuses on whether the data requirements are consistent with the business objectives and business requirements, whether the data requirements use defined business terms, data items, reference data, and other data standards, and whether the stakeholders have reached a consensus on the data requirements.
      • Update data management standards: For data requirements that are not yet covered by existing data management standards and those that have been evaluated to meet the need to change the data standards, the data management personnel will update the data standards according to the relevant processes to ensure the consistency between the data standards and the actual data requirements.
      • Centralized management of data requirements: Data requirements from all data users should be centrally collected and managed by data managers to ensure aggregated analysis and historical review of requirements.
    • (2) Data design and development. Data design and development refers to the process of designing and implementing data solutions, providing data applications, and continuing to meet the data needs of the organization. Data solutions include database structure, data collection, data integration, data exchange, data access and data products (reports, user views). Data design and development key activities and work elements include:
      • Design of data solutions: including outline design and detailed design, its design content is mainly oriented to the specific application system design of logical data model, physical data model, physical database, data products, data access services, data integration services, etc., so as to form a solution to meet the data requirements.
      • Data preparation: sort out the organization's various types of data, identify data providers, and develop a data provision plan.
      • Data solution quality management: Data solution design should meet the business needs of data users, and also meet data management needs such as data availability, security, accuracy, timeliness, etc. Therefore, data model and design quality management is needed, which includes developing data model and design standards, reviewing the design of conceptual, logical, and physical models, as well as managing and integrating data model version changes.
      • Implementing data solutions: Data solutions that pass the quality review enter the implementation phase, which mainly includes developing and testing databases, creating and maintaining test data, data migration and conversion, developing and testing data products, data access services, data integration services, and validating data requirements.
    • (3) Data operation and maintenance. Data operation and maintenance refers to the daily operation and maintenance process of data collection, data processing, data storage and other processes after the construction of the data platform and related data services are completed and put into operation on line to ensure the normal operation of the data platform and data services, and to provide continuously available data content for data applications. The main activities and work points of data operation and maintenance include:
      • Develop a data operation and maintenance program: based on the needs of the organization's data management, define the organization of data operation and maintenance, and develop a unified data operation and maintenance program.
      • Data provider management: Establish service level agreements and inspection means such as monitoring rules, monitoring mechanisms and data qualification standards for data provision, continuously monitor the service level of data providers, and ensure that data platforms and data services have continuously available, high-quality, safe and reliable data, and data provider management includes the management of the organization's internal and external data providers.
      • Data platform operation and maintenance: in accordance with the data operation and maintenance program, manage the selection, deployment, operation, etc. of the database, data platform, data modeling tools, data analysis tools, ETL tools, data quality tools, metadata tools and master data management tools, to ensure that the selection of each technical tool is in line with the overall planning of the data architecture and that the tools operate normally with indicators that meet the data needs.
      • Change Management of Data Requirements: After the realization of data requirements, it is necessary to track the operation of data applications in a timely manner, monitor the consistency of data applications and data requirements, and at the same time manage the changes in requirements proposed by users to ensure the consistency of design and implementation.
    • (4) Data decommissioning. Data decommissioning is the management of historical data, the retention and destruction of historical data in accordance with legal, regulatory, business and technical requirements, and the execution of archiving, migration and destruction of historical data to ensure that the organization's management of historical data is in line with the needs of external regulators and internal business users, rather than merely meeting information technology needs. Data decommissioning key activities and work elements include:
      • Data decommissioning requirements analysis: Research internal and external requirements for data decommissioning from organizational management and business users in various fields to clarify data retention and erasure requirements for external regulatory requirements, and to clarify retention and erasure requirements for internal data applications, taking into account information technology's requirements for storage capacity, access speed, storage costs, and so on.
      • Data decommissioning design: Comprehensively consider compliance, business and information technology needs, design data decommissioning standards and implementation processes to clarify different types of data retention strategies, including retention periods, retention methods, etc., and establish workflows and operating procedures for data archiving, migration, acquisition and erasure to ensure that data decommissioning is in line with the standards and process specifications.
      • Data Decommissioning Execution: Execute data decommissioning operations in accordance with the data decommissioning design plan, complete data archiving, migration, and purging to meet regulatory, business, and technical needs, while updating the data decommissioning design as needed.
      • Data recovery checking: A data recovery checking mechanism needs to be developed after data decommissioning to regularly check the status of decommissioned data to ensure that data can be recovered when needed.
      • Archived data query: Manage query requests for archived data according to business management or regulatory needs, and recover relevant data for supply.

4.2.1.3 Theoretical Framework and Maturity Levels

  • Commonly used data management models at home and abroad include:
    • Data Management Capability Maturity Model (DCMM) from GB/T 36073
    • Data Governance Framework (Data Governance Institute, IDGA DGI)
    • Data Management Capability Assessment Model (DCAM), published by the Enterprise Data Management Association (EDM)
    • Data Management Model (a model defined by the International Data Management Association DAMA (DAMA International))

4.2.1.3.1 Data management capability maturity model (exam point)

  • The DCMM classifies an organization's management maturity into five levels:

    • Initial level: Data requirements are managed mainly at the project level, with no harmonized management processes; management is mainly passive. (No data management, nothing at the initial level.)
    • Regulated level: The organization is aware that data is an asset, has developed management processes in accordance with the requirements of the management strategy, and has designated the relevant personnel to conduct initial management. (Just starting to manage data)
    • Healthy level: Data has been treated as an important asset for achieving organizational performance goals, and a series of organization-level standardized management processes has been developed to promote the standardization of data management. (Developed a series of standardized processes)
    • Quantitative management level: Data is recognized as an important resource for gaining competitive advantage, and the efficiency of data management can be quantitatively analyzed and monitored. (Improvement of management level, interest analysis and monitoring)
    • Optimization level: Data is considered to be the foundation of organizational survival and growth, related management processes can be optimized in real time, and best practices can be shared within the industry. (It's ripe for continuous optimization.)

4.2.1.3.2 DGI Data Governance Framework (3+10 : 3 dimensions plus 10 components)

  • It is a system of frameworks at the operational level for organizations to conduct data governance, providing a methodology for the complex activities of making decisions and taking actions in the organization. Starting from the three dimensions of organizational structure, governance rules and governance process, this framework presents 10 key generic components of data governance activities, and a data governance framework is constructed on the basis of these elements....

4.2.1.3.3 Data Management Capability Assessment Model DCAM (understanding)

  • The Data Management Capability Maturity Assessment Model (DCAM) is based on the experience of many real cases and provides key dimensions for building and assessing an organization's data management program, with a strong emphasis on teamwork (process), standards implementation and financial support, and currently has four components in the latest DCAM version 2.2:
    • Basic component: includes data strategy and business cases, data management processes and funding functional domains;
    • Executable component: includes Business and Data Architecture, Data and Technology Architecture, Data Quality Management, and Data Governance functional domains;
    • Analysis component: contains the Data Control Environment functional domain;
    • Application component: contains the Analytics Management functional domain.

4.2.1.3.4 DAMA data management model

  • DAMA-DMBOK (Data Management Body of Knowledge Guide) 2nd Edition was released in 2018 to guide the assessment of an organization's data management function and data strategy, and to advise and guide fledgling organizations to implement and enhance data management. The framework consists of 11 Data Management Functional Areas (DMAs) and 7 Essential Environmental Elements (EEs) that form the DAMA Data Management Body of Knowledge (DMBOK), with each DMA working within the constraints of the 7 EEs.

  • Database Modeling and Design: Database modeling is the creation of database tables.
  • Data Storage and Manipulation: How to store data in a database.
  • Data Integration and Interoperability: Data processing.
  • Document and Content Management: Unstructured data such as text, video, etc. are managed using this.
  • Reference Data and Master Data Management: Used in banking systems. Master data: billing, customer data, statement data. City code lists and zip codes that support the master data are called reference data.
  • Data Warehouse & Business Intelligence: Business Intelligence, with data mining capabilities, is more than a database with decision-making data.
  • Metadata Management: Data about data.

4.2.2 Operations and maintenance management

  • We use IT to manage IT-related IT systems, data operations, and various equipment to maximize the function of the entire operating environment of the information system.

4.2.2.1 IT O&M capability modeling

  • The national standard GB/T 28827.1 "Information Technology Services Operation and Maintenance Part 1 General Requirements" defines the IT operation and maintenance capability model.

  • Operation and Maintenance Service Capability System (MCS): What aspects of operation and maintenance need to be focused on and what processes need to be followed.
  • Value Realization: Achieving or serving organization-wide value through IT systems.

capacity building

  • Organizations need to consider the internal and external factors of the environment and, guided by governance requirements and based on service scenarios, identify service capability needs around the four capability elements of people, process, technology and resources (memorize these four elements), then plan, implement, check and improve the operation and maintenance capability system, empowering the various service scenarios and realizing service value through service delivery;
  • Establishment of key indicators for capacity building, people, process, technology, resources
  • Regularly evaluating O&M service capability maturity and measuring capability level gaps in order to continuously improve O&M service capabilities.
People capacity (selection: who does what for what position)
  • Operations and maintenance personnel are categorized into three types of positions

    • Management category: Mainly responsible for the organization and management of operations and maintenance
    • Technical category: Mainly responsible for O&M technical construction and technical decisions in O&M activities, etc.
    • Operating class: Mainly responsible for the execution of O&M activities, etc.
  • Capacity building for O&M personnel needs to be considered (understand):

    • Establish staffing requirements planning for all IT O&M stakeholder needs.
    • Based on the staffing needs plan, develop staff recruitment, training, reserve and appraisal mechanisms and implement them.
    • Definition of IT operations and maintenance personnel positions: according to the different content of the work, divide the positions into management posts, technical posts and operational posts, sort out the job responsibilities for each position, and define the job requirements, including knowledge, skills and experience requirements and other aspects.
  • The evaluation of O&M staff competencies includes (understand):

    • Establishment of grade evaluation criteria for positions corresponding to operation and maintenance services.
    • Establishment of a mechanism for evaluating the capacity of operation and maintenance service teams and personnel;
    • Implement team and personnel competency evaluations;
    • Continuous improvement of personnel competencies based on evaluation results and adjustment of the personnel competency plan when needed.
Resource capacity (safeguarding things)
  • IT Ops resources are the tangible and intangible assets relied upon and generated to ensure the proper delivery of IT Ops. Resources are primarily transformed from capabilities that have been crystallized in the people, process and technology elements.

  • Resource capacity included:

    • O&M Tools : Tools used by O&M
    • Helpdesk: Interface Helpdesk
    • Spare parts library: Spare parts library for hardware and software
    • Final Software Library
    • Service data
    • Service Knowledge : Related Knowledge

The process of building resource capacity should pay due attention to the solidification of autonomous knowledge, technology and business processes, with particular attention to the technical resourcing of front-line personnel.

Technical skills (doing things efficiently: important)
  • Organizations need to develop their own core technologies and learn non-core technologies to continuously improve their ability to find and solve problems in the IT operations and maintenance process.

  • The technical capacity that the organization should have:

    • Identifying and solving problems (core technology)
    • risk control
    • technological reserve
    • Research and development, application of new technological frontiers
  • The organization shall implement activities such as technology management, technology research and development, and application of technological achievements in accordance with the planning requirements of O&M capabilities to ensure that the technological capabilities meet the service requirements under different service scenarios, including the needs, governance, and expected benefits of long-term development of O&M service capabilities, and to realize the value of their services.

"Early detection, early resolution" has always been one of the key principles of IT operations and maintenance. Technology is a fundamental factor in improving efficiency.

Process competencies (doing things right: integrating the other three competencies, how to do things right, order of doing things right)
  • A process, also known as a workflow, is a series of activities carried out jointly by different people to achieve a specific value objective. There is not only a strict sequence of activities, but also a clear arrangement and definition of the content, mode and responsibility of the activities, in order to make it possible for different activities to be transferred between different posts and roles.
  • The organization needs to combine the service scenarios with the O&M capability planning requirements, design the process framework, clarify the relationships and interfaces between the processes, and formulate the objectives, activities, and assessment indicators for the management processes such as service levels, service reports, incidents, problems, changes, releases, configurations, availability and continuity, system capacity, and information security, to support the standardized management of the service processes and the realization of service value.

Processes are developed to link people, technology and resource elements together in a process-oriented manner to guide IT operations personnel in an agreed-upon manner and methodology.

4.2.2.2 Intelligent Operation and Maintenance

  • Capability Element: Supporting or foundational. It consists of the O&M capability elements plus three intelligent technology elements, seven aspects in all. (O&M capabilities: people/technology/processes/resources, intelligent O&M: algorithms/data/knowledge).
  • Capability domain: including three aspects (data management, analysis and decision making, automated control), ultimately supporting intelligent O&M scenarios.
  • Intelligent O&M Scenario Realization: The realization of the four scenarios depends on the capability domain.
  • Intelligent Characterization: How to demonstrate the level of Intelligent O&M. (What features does Intelligent O&M provide externally)

4.2.2.2.1 Elements of competence (explanation of the seven elements)

  • The main elements of the capabilities of Intelligent O&M include:
    • Personnel: The operation and maintenance team needs to be familiar with business activities and processes in the IT operation and maintenance field, master automation, big data, artificial intelligence, cloud computing, algorithms and other technologies, and have a certain degree of intelligent operation and maintenance research and development capabilities.
    • Technology: Technology usually includes harmonized standards and specifications, open basic public resources and services, and interconnection of data and processes and services.
    • Process: The process defined by intelligent operation and maintenance needs to have a clearly defined human-machine interface, which can give full play to the advantages of intelligence, realize process optimization, and consider authority control and risk avoidance.
    • Data: O&M organizations need to strengthen data governance, ensure data quality, and standardize data interfaces. O&M applications need to collect, process, and consume around data to improve O&M intelligence.
    • Algorithms: can focus on anomaly detection, root cause analysis, fault prediction, knowledge graphs, health diagnosis, decision analysis, etc., with the characteristics of finiteness, exactness and effectiveness.
    • Resources: For resource management, the organization should, at a minimum and according to the requirements of different scenarios, configure the computing power, bandwidth, storage, etc. required for open shared service management within the data services of the data management capability domain.
    • Knowledge: Knowledge usually includes O&M technical solutions, methods and steps, accumulated O&M experience, multi-dimensional descriptions of O&M objects, and the results of intelligent mining of O&M data.

4.2.2.2.2 Capability platforms (capability domains)

  • Intelligent O&M capability platforms are usually equipped with capabilities such as data management, analysis and decision making, and automation.

4.2.2.2.3 Application of capabilities (scenario realization)

  • Centered on operation and maintenance scenarios, four key aspects (scenario analysis, capability building, service delivery, and iterative tuning) can give O&M scenarios intelligent characteristics.
    • Scenario Analysis: Scenario demand analysis refers to the demand for new or improved services received from the business or IT itself. Scenario demand analysis is conducted in different ways, with different contents and focuses, from business demand, user demand, and system demand at different levels.
    • Capability building: It means that, based on the results and target requirements of the analysis of operation and maintenance scenarios, the processing capabilities of the enabling platform that suit the data characteristics of those scenarios are applied, the data processing flow is systematically designed, and intelligent operation and maintenance solutions are constructed to meet the needs of specific operation and maintenance scenarios.
    • Service Delivery: It means making detailed delivery plans, preparing necessary resources, evaluating possible risks and clarifying avoidance options, improving the delivery implementation process, and ensuring that the intelligent features of the O&M scenarios are in line with the planning requirements through service delivery checking.
    • Iterative tuning (impact assessment): It refers to the optimization of intelligent O&M scenarios through continuous iteration to ensure that the inputs are in line with the incremental attainment of the planning objectives of the specific scenarios of intelligent O&M. (Two names: ongoing tuning of current scenarios and ongoing tuning based on evaluation results.)

(Understanding) Based on the level of complexity, O&M scenarios are categorized into single, composite and global scenarios.

4.2.2.2.4 Intelligent features

  • Intelligent O&M requires several intelligent features, including:

    • Able to perceive: the characteristic of having the ability to recognize the state of people, activities and objects with sensitivity and accuracy. (Automatically identifies and determines maintenance events and data.)
    • Descriptive: means having the characteristics of presenting and expressing all kinds of information in the operation and maintenance scenarios in an intuitive and friendly way. (The main idea is to visualize, to show the current state of affairs.)
    • Self-learning: refers to having the characteristics of active knowledge acquisition such as accumulating data, refining models and summarizing patterns. (This is where the intelligence of AI shows: the AI algorithm automatically summarizes patterns and uses them to judge.)
    • Can diagnose: refers to having the characteristics to analyze, locate, and judge people, activities, and objects. (Judging by the learned patterns to determine whether problems exist.)
    • Decisionable: means having the characteristic of giving, through comprehensive analysis, the basis for subsequent disposition or solution. (What to do next, based on a determination of the problem.)
    • Self-executing: refers to having the characteristic of making automated dispositions for known operation and maintenance scenarios.
    • Adaptive: refers to having the characteristics of automatically adapting to changes in the environment and dynamically optimizing processing. (Intelligent environments are always changing dynamically, so they need to be adaptive and able to adjust themselves after adaptation.)

4.2.3 Information security management

4.2.3.1 The Three Elements of CIA

  • The three elements of CIA are:

    • Confidentiality
    • Integrity
    • Availability
  • CIA comprises the three attributes of most concern to information security, so these three characteristics are often referred to as the information security triad.

  • The focus of CIA is on information. Although this is the core element of most information security, for information system security it is not enough to consider CIA alone; all relevant technologies and theories involving confidentiality, integrity, availability, authenticity and verifiability of information on the network belong to the research field of information security.

CIA is the goal of system security design (the goal of information security implementation is CIA)
CIA can be used as a basic principle for planning and implementing quantitative security strategies

4.2.3.2 Information security management system

  • Information systems security management is the implementation of management that meets the requirements of the security level of responsibility throughout the life cycle of an information system in an organization, including:

    • Establish a security management organization and security management personnel, clarify roles and responsibilities, and develop a security plan (Organizational decision-making perspective, belonging to the management system)
    • Developing security policies (fulfillment)
    • Implementation of risk management (fulfillment)
    • Develop a business continuity plan and a disaster recovery plan (How to ensure that the entire IT system continues to operate and can recover from a disaster)
    • Selection and implementation of security measures (fulfillment)
    • Ensure that configurations and changes are correct and secure (Integration with configuration management)
    • Conducting security audits
    • Guaranteed maintenance support
    • Conduct monitoring, inspections, and handle security incidents (The entire system is monitored and problems are handled in a timely manner.)
    • Security Awareness and Security Education
    • Personnel security management, etc. (the old edition also covered implementing a rotation system, which required a few months of desensitization before separation; separation was not allowed during the desensitization period)

4.2.3.3 Network security level protection (formerly called information security level protection)

Security Protection Level Classification GB/T 22240 "Information Security Technology Network Security Level Protection Classification Guideline"

  • The objects of network security level protection include information systems, communication network facilities, and data resources, etc.

  • According to the importance of the object of protection in national security, economic construction and social life, as well as the degree of infringement in the event of damage, and other factors, the security protection level of the hierarchical protection object is divided into five levels (Level 5 requires memorization).

  • Level 1: Not causing harm to groups (enterprises/individuals) of particular importance and, at the same time, not affecting society and not affecting the State.
  • Level 2: Causes serious damage to enterprises/individuals, while at the same time affecting society and not the State.
  • Level 3: Seriously affects the social order and jeopardizes the State.
  • Level 4: Seriously affects the social order and seriously jeopardizes the State.
  • Level 5: Particularly serious danger to the State.

Security Protection Capability Classification GB/T 22239 "Information Security Technology Network Security Level Protection Basic Requirements".

  • The basic security protection capabilities that should be available to different levels of hierarchical protection objects are as follows:

  • Protect the previous section with a level of security protection

4.3 Word summaries

No. | Term | Abbreviation | Translation | Description
1 | Service Level Agreement | SLA | Service level agreement |
2 | Return On Investment | ROI | Project return on investment |
3 | Define | D | Define |
4 | Measure | M | Measure |
5 | Analysis | A | Analyze |
6 | Improve / Design | I | Improvement/design |
7 | Control / Verify | C | Control/verification |
8 | Data Management Capability Maturity Assessment Model | DCMM | Data Management Capability Maturity Assessment Model |
9 | Data Governance Institute | DGI | International Data Governance Association |
10 | Data Management Capability Assessment Model | DCAM | Data management capability assessment model |
11 | DAMA International | DAMA | International Data Management Association |
12 | Confidentiality \ Integrity \ Availability | CIA | Confidentiality \ Integrity \ Availability |
13 | | MCS | Operation and maintenance service capability system |

Appendix

  • Audio version of the textbook, you can listen to the chapter without reading the book.

No. | Chapter | Link
1 | Chapter 4 Information systems management | /video/BV1PMeMegEJH/?spm_id_from=333.999.0.0&vd_source=0bb2dec1aa524e2dda1f4e45974694e9