Discussion6_12
School: University of the Cumberlands
Course: 831
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 2
Uploaded by DeanMolePerson601
What do you think were the critical factors that fueled the need for IT governance? In what ways did ISO affect the standards for network security?
It is essential to have IT investments support business objectives in an organization; IT governance is a formal framework introduced for this purpose. This framework helps organizations achieve their strategic goals by producing measurable results. It takes stakeholders' interests, processes, and employees into account.

IT governance policies are implemented to meet internal and external requirements using best practices and controls, because of regulations concerning the protection of confidential information, data retention and disaster recovery, financial accountability, and many more.

Both public and private-sector organizations need IT governance to support business strategies and objectives. IT governance policies are developed to help assess overall IT operations, key performance indicators, and the returns on IT investments. Any organization that must comply with financial and technological accountability regulations should implement IT governance policies.

Since IT has become crucial to the support, sustainability, and growth of the business, this pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT Governance (ITG) (De Haes and Grembergen, 2008). IT governance is an essential part of enterprise governance, as both require a balance between conformance and performance goals directed by the board. IT Governance is a process; it is neither a point-in-time event nor a committee or department.

The objective of IT Governance is to make IT decisions that ensure the delivery of business results. IT Governance is meaningful only if ownership and responsibility are recognized.

Weill and Ross define IT governance as the decision rights and accountability framework to encourage desirable behavior in the use of IT (Peter Weill, Jeanne W. Ross, 2004). There are three components of IT governance:
- IT Decisions Domains
- IT Governance Archetypes
- Implementation Mechanisms

IT Governance provides a framework for IT strategic management and ensures the following are in place.
- Decision Making: IT workflows are improved with the help of IT Governance.
- Accountability (Gunawardena & Ramesh, 2014): It is essential to identify the right resources who can make difficult decisions and are held responsible and accountable for them.
- Risk management: IT managers should identify the risks associated with IT initiatives and help mitigate them.
- Resource Management: IT Governance helps plan and organize IT initiatives by managing resources.

Data breaches lead to significant damage to an organization's reputation and financial health and strain relations with its stakeholders (Mikalef et al., 2018). Network security standards are affected in various ways by ISO.
- To make it easy for an organization to evaluate and monitor the performance of the network standards, ISO created a universal standard for the networks.
- ISO simplified the process of monitoring, evaluation, and auditing. According to Achmadi, Suryanto & Ramli (2018), ISO 27001 eliminates the need for repeated audits. It provides a defined schedule of auditing in an organization.

IT governance was necessitated by the need for risk management, resource management, profitability, alignment of all business goals and strategies, and adherence to national rules and regulations on IT. ISO has changed network security by providing a common ground for evaluation and simplifying the auditing process. “ISO/IEC 27043 offers guidelines that describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes, or corporate breaches of information security” (Lewis, 2019).

ISO/IEC 27001 demonstrates that organizations have implemented best-practice information security processes.
- ISO certification ensures every organization contemplates cyber-security.
- ISO certification demonstrates credibility when tendering for contracts.
- ISO certification is a supply chain requirement, while it is often a legal requirement in Japan and India.
- It also helps organizations to expand into global markets.
- ISO certificates always protect and enhance your organizational reputation.
- ISO is considered the only auditable international standard that defines the requirements of an ISMS.
- ISO avoids the financial penalties and losses associated with data breaches by having an accepted global benchmark for the effective management of information assets.

References:
- Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Harvard Business School Press.
- David Shpilberg, S. B. (2007, October 1). Avoiding the alignment trap in IT. MIT Sloan Management Review. Retrieved February 10, 2022, from https://sloanreview.mit.edu/article/avoiding-the-alignment-trap-in-it/
- Lindros, K. (2017, July 31). What is IT governance? A formal way to align IT & business strategy. CIO. Retrieved February 9, 2022, from https://www.cio.com/article/272051/governanceit-governance-definition-and-solutions.html
- IT governance. IT Governance - CIO Wiki. (n.d.). Retrieved February 9, 2022, from https://cio-wiki.org/wiki/IT_Governance
- Gunawardena, Lasitha & Ramesh, Latha (2014, August). Understanding IT Governance and why it often fails. https://www.architectureandgovernance.com/it-governance/understanding-governance-often-fails/
- Achmadi, D., Suryanto, Y., & Ramli, K. (2018, May). On developing information security management system (ISMS) framework for ISO 27001-based data center. In 2018 International Workshop on Big Data and Information Security (IWBIS) (pp. 149-157). IEEE.
- Lewis, Barnaby. (2019, January). How to tackle today’s IT security risks. https://www.iso.org/news/ref2360.html
- Baker, A. (2019, September 10). Why ISO 27001 is 'the' standard for information security. IT Governance Blog En. Retrieved February 10, 2022, from https://www.itgovernance.eu/blog/en/why-iso-27001-is-the-standard-for-information-security#:~:text=By%20providing%20a%20globally%20accepted,the%20requirements%20of%20an%20ISMS