IT Governance and Information Security

2021 ◽ pp. 45-84 ◽ Author(s): Yassine Maleh ◽ Abdelkebir Sahid ◽ Mamoun Alazab ◽ Mustapha Belaissaoui

2021 ◽ Vol 7 (1) ◽ Author(s): Salman M. Faizi ◽ Shawon Rahman

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.


Author(s): Susi Susilowati

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly. So it is necessary to carry out an audit that aims to evaluate the information system governance that is running and ensure that the existing procedures support the existing business processes in the company. The audits were conducted following the standards of the COBIT 4.1 Framework for IT governance. This study will focus on the Delivery Service and Support (DSS) domain to analyze several aspects of IT that are currently running in this company, from the level of system security used to the management carried out by the system. In this domain, the research is focused on the DS5, DS10, and DS11 sub-domains. From the research results it is known that DS5 is at the level of 1.3; DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is the level of capability obtained from the inventory information system of PT. Medista Utama is still below the expected level. And many improvements are needed to maximize the company's performance to achieve the expected Maturity Level value.


2008 ◽ pp. 2958-2969 ◽ Author(s): Dieter Fink ◽ Tobias Huegle ◽ Martin Dortschy

This chapter identifies various levels of governance followed by a focus on the role of information technology (IT) governance with reference to information security for today’s electronic business (e-business) environment. It outlines levels of enterprise, corporate, and business governance in relation to IT governance before integrating the latter with e-business security management. E-business has made organisations even more reliant on the application of IT while exploiting its capabilities for generating business advantages. The emergence of and dependence on new technologies, like the Internet, have increased exposure of businesses to technology-originated threats and have created new requirements for security management and governance. Previous IT governance frameworks, such as those provided by the IT Governance Institute, Standards Australia, and The National Cyber Security Partnership, have not given the connection between IT governance and e-business security sufficient attention. The proposed model achieves the necessary integration through risk management in which the tensions between threat reduction and value generation activities have to be balanced.


2014 ◽ Vol 1 (1) ◽ pp. 46-58 ◽ Author(s): IGN Mantra

There is a need for an Information Security Management System Standard (ISO 27001:2005) at Perbanas University in general. In particular, ABFII Perbanas needs IT governance on Information Security. ISO 27001:2005 is an Information Security Standard that is widely used as an Information Security Management System (ISMS). The IT Governance approach is the main interest within ISO 27001:2005 for Perbanas University.


2019 ◽ Vol 15 (1) ◽ pp. 37-52 ◽ Author(s): Cheuk Hang Au ◽ Walter S. L. Fung

Repeated information security (InfoSec) incidents have harmed people's confidence in enterprises' InfoSec capability. While most organisations adopt control frameworks such as ISO27001 and COBIT, the role and contribution of knowledge management (KM) to InfoSec has been inadequately considered. The authors integrated the concepts of knowledge-centric information security and IT Governance (ITG) into an ITG-driven knowledge framework (ITGKF) for reinforcing InfoSec maturity and auditability of enterprises. The authors also tried to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. The authors confirmed the positive influence of IT governance on knowledge-centric information security (KCIS) and information security maturity and audit result (ISMAR), the positive influence of KCIS on ISMAR, and the mediating role of KCIS between ITG and ISMAR. These indicated the significance of KM in the InfoSec area. Based on the findings, they proposed possible changes for integrating KM into different InfoSec practices and audit standards.


Webology ◽ 2021 ◽ Vol 18 (Special Issue 02) ◽ pp. 294-310 ◽ Author(s): Qayssar Ali Al-Fatlawi ◽ Dawood Salman Al Farttoosi ◽ Akeel Hamza Almagtome

This paper aims to explore the role of applying information technology governance using the COBIT 5 framework in improving the security of accounting information systems. The paper also aims to assess the level of governance of information technology in the Trade Bank of Iraq (TBI) through COBIT 5 processes, including 4 dimensions of planning and organization, acquisition and implementation, support and delivery, and monitoring. The study uses a qualitative approach through a case study conducted at the Iraqi Bank of Commerce. The results show that applying the COBIT 5 governance mechanisms of information technology reduces data processing risks and improves automated accounting information systems' security. The results also show that the Trade Bank of Iraq can implement the COBIT 5 Framework. Also, the accounting system used in the Bank has all the features of information technology governance that, on the one hand, ensure confidentiality of customer information and, on the other hand, prevent the system from being penetrated. The results of the current study give stakeholders a better understanding of the nature of IT governance in the light of the COBIT 5 framework and its role in enhancing accounting information security.


2009 ◽ Vol 28 (3) ◽ pp. 131-140 ◽ Author(s): J. Michael Tarn ◽ Heath Raymond ◽ Muhammad Razi ◽ Bernard T. Han
