Taking CMDB to the Next Level by Capturing Data Inventory on Assets that Will Automate GRC Efforts

Wednesday, May 04, 2022 | 11:45AM–12:30PM ET | Harborside Ballroom D, 4th Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel Session

To improve compliance, IT risk management, and IT support within our decentralized IT structure at NC State University, our Office of Information Technology (OIT) is working with cross-campus IT stakeholders to establish a central inventory within our ServiceNow Configuration Management Database (CMDB). NC State is expanding this resource inventory to include data from all relevant IT assets. This inventory expansion has required customization to reflect how NC State leverages its data classification scheme. The data inventory will empower the business, IT support, compliance, and risk management teams a full understanding of compliance obligations, levels of sensitivity, and the data governance responsible for that data. This inventory expansion will also enable the institution’s governance, risk, and compliance (GRC) tools to leverage that data to perform automated compliance attestations with the appropriate stakeholders, improve the use of risk management efforts, and enable the university’s internal audit organization to improve its scope for audit plans. This project is kicking off in 2022 with proofs of concept being conducted within OIT along with the IT support group from the Division of Academic and Student Affairs. Full campus use is estimated by fall 2022.

Presenters

  • Damon Armour

    Director of Information Security, Risk & Assurance, North Carolina State University
  • Chris Bradsher

    Information Security Specialist, North Carolina State University
  • Mike Donathan

    Sr. ServiceNow Developer, North Carolina State University
  • Dan Grigg

    IT Project Manager II, North Carolina State University
  • Gary Li

    Director, Infrastructure Platform & Services, North Carolina State University

Resources & Downloads

  • Taking CMDB to the next level by capturing data inventory on assets that will automate GRC efforts

    Updated on 11/27/2024