Introduction:
The Information Technology Governance Institute (ITGI) defines Information Technology Governance (ITG) as consisting of the leadership, organizational structures, and processes that ensure that the organization’s information technology sustains and extends the organization’s strategies and objectives. Also, ITG should result in the union of good practices to ensure that the organization’s information technology supports the business objectives, maximizes benefits and opportunities, and helps in gaining competitive advantage (ITGI, 2006).
IT governance (ITG) is a part of corporate governance cited as a means to help organizations manage risk and protect themselves from technology-related losses (Mohamed & Kaur, 2012). Similarly, Information Security Governance (ISG) was considered as being contained in ITG, inherent in corporate governance with a peculiar function in its own right (Holgate et al., 2012).
Information Security Governance (ISG) was represented as being implicit in ITG, implicit in corporate governance only and as a function in its own right (see Holgate et al., 2012).
IT security governance is the system by which an organization directs and controls IT security (adapted from ISO 38500).
According to Whitman and Mattord (2013), information security exists in an organization primarily to manage information technology risks.
NIST describes Information security governance as “the process of establishing and maintaining a framework and supporting
In modern society, IT (information technology) governance plays an important role in business development. Therefore, a good IT organization is one that matches all the business needs and also performs well enough to lead in the industry. This report will analyze four sections related to the WestJet Airlines case. First of all, the five specific areas in IT governance will be considered. Second, the AS8015 model for IT governance will be defined, and a strong example will be discussed. The third part is about risk identification and control for WestJet Airlines’ IT operations. The last section will discuss how Smith manages the transformation proposal.
IT Governance is an internal IT strategy used to analyze and prioritize current and future IT projects through the IT governance process. It involves assessing current projects, defining future vision, and ensuring project road maps are structured properly. “Good governance enables you to make and implement better decisions faster, and provides the foundation for weaving together business and IT strategies” (Broadbent & Kitzis, 2005).
The major goal is to integrate Information Systems/Information Technology with the corporate strategy to use information for better governance and management. This has improved with connectivity and networking and also with the shrinking cost-performance ratios in technology. IT governance thus is a result of the complete merger of computer and communications technologies, like data processing and high advancement in networks, and integrated systems (Bloomfield et al., 2000). To this extent, the software of the stand-alone systems has to be converted to a single functional system for all requirements, and the system involves the creation of a network with the following functionality:
A sound information security policy begins with an understanding of the current climate, which can consist of policies, regulations, and laws. It is imperative to understand what legislation your line of business must comply with as well as any applicable governance requirements. Beginning with defining what is a policy, a guideline and a standard: a policy provides specific requirements or rules to abide by, which can be either at the governmental level, meaning a statute, and/or an organization-specific directive; also known as administrative law. According to the SANS Institute (n.d.), a leading cooperative research and education organization, a standard can be an amalgam of requirements that is applicable to the user body; and a guideline can be considered akin to a recommendation for a best practice (SANS Institute, n.d.). Current government policies can be issued by federal, state, local and/or tribal
Whitman, M. E., & Mattord, H. J. (2010). Management of information security (3rd ed.). Boston, MA: Course Technology.
In this paper I will be discussing some of the benefits of having frameworks for information security management: what each of the frameworks of information security is, their pros and their cons, which major perspectives to consider in information security management and framework choice, and what organizational factors should be considered in framework choice. I will also attempt to come up with a better framework for information security.
IM/IT governance helps the organization make business decisions more accurately and in a timelier manner (Glandon, Smaltz, & Slovensky, 2008). In order to complete this, five general guidelines were created. They are as follows: Develop a consistent IT strategy, Align IT Planning with Organizational Planning, Develop IT Infrastructure, Architecture and Policies, Set IT Project
Assess the adequacy and effectiveness of the organization’s IS security policy. In addition, assess whether the control requirements specified in the organization’s IS security standards adequately protect the information assets of the organization. At a minimum, the standards should specify the following controls and require them to be applicable to all information systems:
In shaping new security policies, it is essential to have a full understanding of all aspects of the internal network and services to be protected from both internal and outside threats. An article by Solms & Solms (2004) outlines several criteria in developing information security. First, a governing body must be formed to ensure all sensitive data is secured and provide due
IT monarchy is fitting governance for decisions such as aligning security procedures to IS architecture specifications, where corporate IT (individuals or groups of IT executives) takes the title role and is responsible for specifying the configuration, consistency in protection, and achieving competency among the components according to the needs of the organization (Saunders, 2013). The University of the Southeast followed the IT monarchy archetype by making Information Technologies and Resources (IT&R) responsible for taking decisions regarding IT architecture and security infrastructure by providing computer services, telecommunications, and multimedia support across the campus (Saunders, 2013). The decision-making power was entirely in the hands of IT&R. If IT&R had tried to provide the faculty with the decision-making right of having control over archiving their own emails or choosing their preferred e-mail address or changing their e-mail address printed in the university directory
IT (Information Technology) management entails all the routine issues faced by any type of business manager in addition to the issues of software development, technology purchasing (not necessarily physical items), systems integration, the limits of technology and the related budgetary issues. General information literacy is important for any level of IT manager, as he or she needs to communicate successfully using many different modes, media, and technology with all types of IT workers, upper management, and technology product vendors. IT management also entails leadership of projects or departments. Information
The purpose of each control on the Sphere of Protection is to protect the valuable information and information systems assets. The controls fall into management, operational, and technical categories, which together make up the sphere of protection. (1) Management controls cover security processes designed by strategic planners and performed by security administration; (2) operational controls deal with the operational functionality of security in the organization; and (3) lastly, technical controls address tactical and technical implementations related to designing and implementing security in
The objective of information security policy is to provide management direction and support for information security in accordance to protect personal
Information Technology (IT): The hardware and software technologies a firm needs to achieve its business objectives (Kenneth C. Laudon and Jane P. Laudon, 2010).
In order to effectively implement security governance, the Corporate Governance Task Force (CGTF) recommends that organizations follow an established framework, such as the IDEAL framework from the Carnegie Mellon University Software Engineering Institute. This framework, which is described in the document “Information Security Governance: Call to Action,” defines the responsibilities of (1) the board of directors or trustees, (2) the senior organizational executive (i.e., CEO), (3) executive team members, (4) senior managers, and (5) all employees and users. This important document can be found at the Information Systems Audit and Control Association (ISACA) Web site at www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997.