IT Security Governance and Centralized Security Controls

2008 ◽  
pp. 2130-2138
Author(s):  
Merrill Warkentin ◽  
Allen C. Johnston

Every enterprise must establish and maintain information technology (IT) governance procedures that will ensure the execution of the firm’s security policies and procedures. This chapter presents the problem and the framework for ensuring that the organization’s policies are implemented over time. Since many of these policies require human involvement (employee and customer actions, for example), the goals are met only if such human activities can be influenced and monitored and if positive outcomes are rewarded while negative actions are sanctioned. This is the challenge to IT governance. One central issue in the context of IT security governance is the degree to which IT security controls should be centralized or decentralized. This issue is discussed in the context of enterprise security management.


2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Salman M. Faizi, Shawon Rahman

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.


Author(s):  
S.H. (Basie) von Solms ◽  
C.P. (Buks) Louwrens

The purpose of this chapter is twofold: Firstly, we want to determine the relationships, if any, between the discipline of digital forensics and the peer disciplines of corporate governance, information technology governance, and information security governance. Secondly, after we have determined such relationships between these disciplines, we want to determine if there is an overlap between these disciplines, and if so, investigate the content of the overlap between information technology governance and digital forensics. Therefore, we want to position the discipline of digital forensics in relation to corporate governance, information technology governance, and information security governance, and describe in detail the relationship between information technology governance and digital forensics.


2021 ◽  
Vol 2 (1) ◽  
pp. 1-14
Author(s):  
Taurus Jackson

The focus of this research was to explore present control methods and solutions used throughout technology-based, healthcare-based, and manufacturing-based organizations in southwest Georgia to determine their effectiveness for reducing potential threats. Semi-structured interviews with open-ended questions are used to explore 30 information technology professionals' lived experiences with IT security policies and procedures. Two research questions guided the qualitative exploratory case study: How important is social engineering and enterprise security to the organization? and How are organizations evaluating and managing existing organizational solutions? Several themes emerged: (a) lack of education and inadequate information can affect the decision-making process, (b) response times from management are a key factor in reducing threats, (c) a sense of failure is always present, (d) failed IT policy management can increase organizational vulnerability, and (e) social engineering still has a negative stigma in the business environment. The findings suggest that although steps were made to change the perception of social engineering and enterprise security, additional work is needed to ensure employees are aware of how social engineering and enterprise security can affect their organization's productivity. Key Words: Information systems, information technology, social engineering, enterprise security, control methods, policies, procedures, management


2013 ◽  
Vol 10 (2) ◽  
pp. 258-266 ◽  
Author(s):  
Karin Olesen ◽  
Anil Kumar Narayan ◽  
Suresh Ramachandra

Using an in-depth case study, this paper examines challenges that the IT Governance of a public university responds to over time. Our findings indicate the traditional model of IT Governance did not enable the organization to manage their IT resources to match their operational IT needs over a 10-year period. A more process-orientated model of IT Governance including organizational drift may be more appropriate to explain the changes over time. To be governed responsibly, the organization over time needs to use their information technology in a manner that is consistent with organizational strategy. The study demonstrated that the best way forward for public universities may be to adopt IT and corporate governance models that allow their management to examine their needs to meet the challenges of matching their IT purchases to their operational needs.

