Access Management/Rights Management – the process that enables or prevents users from accessing data or an IT service in a way that maintains the source’s confidentiality, integrity, and availability according to the organization’s overall business and IT policies.
Business Model – a plan that provides structure for the functions, products, and services of a business and the people involved in it (staff, customers, vendors, etc.).
Business Policy – a business’s recorded statements used for the decision-making process. (see: IT Policy)
Business Strategy – a business’s plan for making decisions based on the company’s internal factors and the external market and enforcing these decisions. (see: IT Strategy)
Business-IT Strategy Alignment – a process of dovetailing business strategy with IT strategy in order to generate value for the business in a way that meets business objectives through the use of IT.
Chief Information Officer (CIO) – the professional who oversees IT governance (typically) and communicates with additional departments and committees for guidance and information with the goal of using IT to create value for the organization.
Compliance – an organization’s act of following internal policies (Corporate Compliance) or external laws (Regulatory Compliance). (See IT Policy).
Control Objectives for Information and related Technology (COBIT) – ISACA’s IT governance framework made of processes, objectives, and recommendations that an organization can use to measure its performance and the effectiveness of its use of IT. Ultimately, COBIT should help the organization meet the needs of its stakeholders and gain a broader understanding of how IT plays into the overall organization.
Corporate Compliance – see Compliance.
Cybersecurity – the protection against and prevention of attacks and disruptions to software, hardware, systems, etc., whether intended or unintended, that can impact a single user or an entire organization.
Governance – the oversight and control of an organization through (1) setting objectives, (2) assigning roles and responsibilities to various departments and staff members, and (3) monitoring of the internal organization and external factors that affect the use of IT according to strategy and policy.
Governance, Risk Management and Compliance (GRC) – three broad, overlapping, and interconnected practices an organization follows to achieve its objectives, deal with risks, and adhere to policies and regulations while also reflecting the overall strategy.
Information Technology Infrastructure Library (ITIL) – a framework for IT service management and delivery that includes best practices, guidance on the overlap between strategy and policy design, and documents.
IT Governance – the processes and responsibilities that allow for continual use of IT, management and accountability, and the creation of value and revenue.
IT Governance Framework – a pre-existing structure of procedures and methods that an organization can apply to its implementation, monitoring, and managing of IT governance.
IT Policy – the limitations set on IT strategy in order to follow internal rules, standards, and guidelines and obey external laws. Additionally, IT policy sets broad reactions for various circumstances.
IT Policy Framework – a recorded rulebook or set of principles behind the use of information technology in an organization.
IT Strategy – a business’s plan for making information technology-related decisions in order to meet business needs, improve processes, and ultimately generate value for the organization.
Market Research – the process of an organization collecting data on its intended market so the organization can make decisions based on trends, demographics, competition, etc.
National Institute of Standards and Technology (NIST) – an American non-regulatory agency that provides standards and guidance for scientific research and technological advances.
PEST Analysis – an analysis strategy that involves a combination of the political, economic, social, and technological factors of both the organization and its intended market.
RACI Matrix – a tool used to define the roles and responsibilities of group members for a business project according to four categories: responsible, accountable, consulted, and informed.
Regulatory Compliance – see Compliance.
Rights Management/Access Management – the process that enables or prevents users from accessing data or an IT service in a way that maintains the source’s confidentiality, integrity, and availability according to the organization’s overall business and IT policies.
Role – the set of responsibilities associated with a title, position, or task—not with an individual. People can have multiple roles (or, idiomatically, “wear many hats”) for one or several projects, such as project manager for the update of one database and a specialist for the design of another database.
SWOT Analysis – an analysis strategy that assesses an organization's strengths, weaknesses, opportunities, and threats.
Technology Intelligence – the research used to identify and predict potential changes in technology that could impact a business. (See: IT Strategy).
Value Creation – the quantitative and qualitative measure of success for a business, its workers and customers, and the market as a whole.