Information Security Governance in Large Organizations

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to discuss the information security governance and to address the weaknesses identified in the literature. Based on practices of information security management and governance, the authors propose ISGO, a practical maturity framework for the information security governance and management in organizations. The findings will help organizations to assess their capability maturity state and to address the procedural, technical, and human aspects of information security governance and management process.

Information Security Governance Practices and Commitments in Organizations

Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance. The statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries such as retail/wholesale, banking, services, telecom, private and governmental organizations provides a record of current practices in information security governance. The findings allowed the authors to propose a practical framework to evaluate the information security governance in organizations.

IT Management Agility in Large Organizations

A successful IT service and asset management need to be efficient and agile to help transform from a traditional into a digital enterprise. In this chapter, the authors propose a global and practical strategic framework to improve ITSM service management processes with the additions of two drivers: agility management based on DevOps and security management based on SecOps. The proposed framework will affect all aspects of user productivity DSI oriented and implement an agile approach in the heart of the management of all these aspects. They will study a case of application of the proposed framework on a large company and the gain made on the strategic level and decision making. The authors propose to measure the maturity of the ITSM of the organization and set up their benchmark to improve IT governance through the proposed ITSM framework.

Managing the Cloud for Information System Agility in Organizations

In 2007, cloud computing was introduced to the IT dictionary. The theme is attracting growing interest from both the IT world and the business players who need to enhance information systems agility, reduced costs, or reduce dependence on internal IT teams when they are judged too slow. However, the fact that cloud computing, as presented by providers, increases the agility is unclear. Business managers, IT professional, and academics are querying the relationship between cloud computing and IT agility. This chapter aims to understand cloud computing's role in improving IT agility by introducing recent studies in the IS and IT management literature. This chapter argues that cloud computing impact IS performance by organizational capabilities (agility). The authors also propose a conceptual framework to improve IS agility by cloud computing based on DevOps. One of the primary motivations of this research is the lack of fieldwork when considering how cloud computing improves information systems agility.

Information Security Policy in Large Public Organizations

The aim of this chapter is to study the success factors of the ISO 27002 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27002 in the implementation of information security policies in organizations. The purpose of this chapter is to investigate what controls are commonly used and how they are selected to the implementation of an information security in large public organizations in Middle East and North Africa (MENA) through ISO27002, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27002. The finding will help organizations to assess organizations to implement an effective information security policy.

Strategic Agility Frameworks for Information System Governance

In the current era, multiple factors have driven information systems (IS) to be able to cope with changes caused by internal and external factors that affect organization strategy. Various environmental factors can influence organization and performance capacity and tend to change organizational strategy, including political, socioeconomic, financial, and technological changes. Early in the 21st century, other changes are expected, such as those associated with cybercrime and artificial intelligence. Here, the authors discuss the concept of agility, the dimension of agility, relevant literature studies, and proposed model and conclusions.

Evaluation of IT Governance in Middle East and North African Large Organizations

This chapter provides a deeper understanding of IT governance frameworks and their adoption, drawing on established information systems theories. A mixed two-stage approach using quantitative and qualitative studies is used to examine the feasibility of developing an IT governance assessment framework based on COBIT to assess IT governance in a specific context. The first step seeks to identify key COBIT best practices within organizations. A survey of 20 large organizations in the MENA region was adopted. In the second phase, a case study used to explore the factors that influence the adoption of the adapted IT governance assessment framework.

A Deep Overview of Information Technology Governance Standards

This chapter presents the state of the art in research on the practice of information technology (IT) governance. The authors have chosen to present this state of the art by means of a frame of reference inspired by the four “worlds” framework that was initially introduced to characterize IT engineering problems. This framework, complemented by facets, provides a structure for characterizing governance approaches that facilitate their comparison. Each facet corresponds to an essential characteristic of IS governance. A facet is associated with a set of values that allow a finer comparison of approaches with each other. This chapter will provide a comprehensive understanding of the current state of IT governance standards and best practices.

From Information Governance to IT Governance

Information governance is more established in organizations. While the need to manage information is not new, new challenges have emerged over the past decade and have grown and become more complex with the opportunities offered by emerging technologies. This chapter provides a deep overview of current information governance literature across five key focus areas defined by COBIT 5: business strategic alignment, delivery of value, risk management, management, and performance management. The chapter focuses on synthesizing the current literature on information governance definitions and issues. The purpose of this chapter is to present a detailed overview of research across information governance definitions in the last two decades. The chapter aims to guide future research in each of the focus areas of information governance.