Securing Cloud Computing Through IT Governance

2021, Vol 7 (1)
Author(s): Salman M. Faizi, Shawon Rahman

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations today fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT-to-business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.

Author(s): S.H. (Basie) von Solms, C.P. (Buks) Louwrens

The purpose of this chapter is twofold: Firstly, we want to determine the relationships, if any, between the discipline of digital forensics and the peer disciplines of corporate governance, information technology governance, and information security governance. Secondly, after we have determined such relationships between these disciplines, we want to determine if there is an overlap between these disciplines, and if so, investigate the content of the overlap between information technology governance and digital forensics. Therefore, we want to position the discipline of digital forensics in relation to corporate governance, information technology governance, and information security governance, and describe in detail the relationship between information technology governance and digital forensics.


Author(s): Yu “Andy” Wu, Carol Stoak Saunders

Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff’s (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are proper to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.


2018, pp. 544-562
Author(s): Hemlata Gangwar, Hema Date

The paper reveals factors impacting information security governance within the cloud computing technology implementation in organizations. Case study methodology was used and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main components that were identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management and access control and identity management. The results show that awareness through education and training of employees needs to be given very particular attention in cloud computing security. The paper does not include any end-user perspective in interviews and this end-user context is missing. Companies need to focus upon awareness through education and training of employees. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Also, organisations should develop their information security using a very precise and detailed planning process that ensures the right cloud computing acceptance by the users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, and minimizes risk and cultivates an acceptable level of information security culture.


2020, Vol 16 (2), pp. 43-56
Author(s): Bob Hardian Syahbuddin, Wachid Yoga Afrida, Fatimah Azzahro, Achmad Nizar Hidayanto, Kongkiti Phusavat

The oil and gas industry is among the largest contributors to Indonesia’s foreign exchange. Many believe that information technology will be a major driver for economic wealth in the oil and gas industry. However, implementing information technology to support corporate business processes brings vast information security risks. There is a need for comprehensive information security governance that can comply with information security standards and regulations. This research is conducted to evaluate the use of multiple ISG frameworks for implementing information security governance in a multinational oil and gas company. In detail, we evaluate the effectiveness of such a framework, assess its implementation maturity level, and identify the success and inhibiting factors for implementing ISG frameworks. This study shows that framework XYZ, as a multiple ISG framework, is effective to cover the controls of ISO 17799, COSO, and IT Risk Framework at once. Meanwhile, the observed case study indicated a lack of compliancy of Framework XYZ followed by the invention of a gap between current ISG implementation efforts and company visions. Lastly, several success and inhibiting factors are identified in the ISG framework implementation at PT X.


Web Services, 2019, pp. 2041-2059
Author(s): Hemlata Gangwar, Hema Date

The paper reveals factors impacting information security governance within the cloud computing technology implementation in organizations. Case study methodology was used and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main components that were identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management and access control and identity management. The results show that awareness through education and training of employees needs to be given very particular attention in cloud computing security. The paper does not include any end-user perspective in interviews and this end-user context is missing. Companies need to focus upon awareness through education and training of employees. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Also, organisations should develop their information security using a very precise and detailed planning process that ensures the right cloud computing acceptance by the users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, and minimizes risk and cultivates an acceptable level of information security culture.


Author(s): Hemlata Gangwar, Hema Date

The paper reveals factors impacting information security governance within the cloud computing technology implementation in organizations. Case study methodology was used and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main components that were identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management and access control and identity management. The results show that awareness through education and training of employees needs to be given very particular attention in cloud computing security. The paper does not include any end-user perspective in interviews and this end-user context is missing. Companies need to focus upon awareness through education and training of employees. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Also, organisations should develop their information security using a very precise and detailed planning process that ensures the right cloud computing acceptance by the users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, and minimizes risk and cultivates an acceptable level of information security culture.

