per hour. (SQL is a computer language for accessing and querying databases.) Winter estimated in 2005 that by 2008 transactional workloads would have grown 174 percent while data warehouse workloads would have quadrupled. While individual databases and their use are growing dramatically, so is the total number of databases.

Managing Information Technology Systems and Programs

There are many formally defined private-sector9 and government10 IT assessment frameworks, i.e., guidelines and best practices, for improving IT governance, transparency, and performance management, as well as improving specific areas, such as security,11 privacy,12 and information fairness.13 These frameworks are intended to quantify difficult-to-evaluate information systems objectives such as information systems effectiveness, quality, availability, agility, reliability, accuracy, completeness, efficiency, compliance with applicable regulations, and confidentiality. Although these criteria are difficult to define and evaluate, they are common requirements that the IT industry must evaluate for all critical systems on a regular basis. While there is never a simple or discrete answer, the IT industry must make its best approximation.

Three of the 30 most widely followed frameworks are Control Objectives for Information and Related Technologies (COBIT), IT Infrastructure Library (ITIL), and International Organization for Standardization (ISO)


D. Aron and A. Rowsell-Jones, Success with Standards, Gartner EXP, Stamford, Conn., May 2006; The IT Governance Institute (ITGI), IT Governance Global Status Report—2006, ITGI, Rolling Meadows, Ill., 2006.


U.S. General Accounting Office (GAO), Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity, GAO-04-394G, Version 1.1, GAO, Washington, D.C., March 2004.


U.S. Office of Management and Budget, “Security of Federal Automated Information Resources,” OMB Circular A-130, Appendix III, available at, revises procedures formerly contained in Appendix III to OMB Circular No. A-130 (50 FR 52730; December 24, 1985) and incorporates requirements of the Computer Security Act of 1987 (P.L. 100-235) and responsibilities assigned in applicable national security directives; W.H. Ware, ed., Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security, AD # A076617/0, Rand Corporation, Santa Monica, Calif., February 1970, reissued October 1979; Federal Information Security Management Act of 2002 (FISMA, 44 U.S.C. § 3541, et seq.).


Data Privacy and Integrity Advisory Committee, Framework for Privacy Analysis of Programs, Technologies, and Applications, Report No. 2006-01, U.S. Department of Homeland Security, Washington, D.C., adopted March 7, 2006.


U.S. Department of Health, Education, and Welfare, Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens, Code of Fair Information Practices, July 1973, available at

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement