IT Governance and Information Security Report: UoN Case Study

Added on  2022/10/16

AI Summary
This report delves into the IT governance structure at the University of Nairobi (UoN), detailing its organizational framework, including the roles of various advisory groups like the Strategic IT Advisory Groups (SAGs), and the IT Governance Portfolio office. The report also examines information security, emphasizing the importance of protecting company data. A case study of a cyberattack on the Kansas County election in August 2019 is analyzed, detailing the nature of the denial-of-service attack (DoS) and the subsequent security enhancements implemented. The report highlights the impact of such attacks and the necessity for robust security measures to safeguard critical information and services. The bibliography includes sources related to information security policy compliance and organizational IT architecture and governance structure.
Question 1: How IT governance is visible in the UoN
The IT governance of the UoN is a constituent of the corporate governance of the school. The IT
governance framework is charged with overseeing and undertaking the operations necessary to
ensure that the IT strategies set are aligned with the school's strategies and requirements. As
demonstrated by the UoN IT governance, the team is small with well-defined bodies. The UoN has
three distinct levels, each comprising one or two departments. They include:
1. VC/ UoN Executives
2. SITC/ Advisory groups
3. The ITG portfolio office and Communities of practice (COP)
Each of the teams has a different function to ensure its effectiveness in meeting its
requirements. The task is carried out through the advisory groups, which conduct the following
activities:
Educating them, carrying out research and innovation
Offering administration
Management of the web and relevant information
Virtual and physical group
The UoN SITC is responsible for assigning tasks to the different advisory groups based on their
specialization. The SITC offers guidance on topics that relate to administration,
research, education, and innovation. Each advisory group is made up of its own skilled IT
personnel.
The IT Governance Portfolio office is in charge of developing business project approval. It
also offers advice to the school's VC on IT policies, strategies and administrative issues. This
advice is passed through the executive committee.
The final group in the IT governance structure is the COP (community of practice). The main
purpose of this group is to brainstorm and develop ideas that communicate the community's desires.
These ideas are passed to the Strategic IT Advisory Groups (SAGs).
Question 2: Security on information
Company information is one of the important assets of an organization. This makes it important
to ensure that the company's information is safe. This information is valuable to the company
and other parties who may want to get access to information from other companies to learn its
secrets or even prevent the normal functioning of an organization. These attacks focus on a
particular date or time in which a particular event is happening.
Kansas county election (August 2019)
Kansas County was conducting an election when a cyber-attack occurred. The attack
crippled the entire website, and any attempt to access it displayed a picture of Mecca and a
cryptic message. The attack lasted for an hour before it was resolved.
The attack was associated with a protest against posting the election results online while the
elections were proceeding. The election itself proceeded, but citizens were not able
to view the tally or contact their local agencies.
The security report on the attack states that the hackers did not intend to steal or
corrupt any information. The hackers did not make any ransom demand, thus
ruling out a ransom attack. The attack was a denial-of-service (DoS) attack
that denied citizens the service of viewing the tally results online.
Although the attack was not catastrophic, the County government decided to invest
in setting up more security measures to ensure that such information security incidents were not
experienced again.
Bibliography
Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. Information security policy compliance: an
empirical study of rationality-based beliefs and information security awareness. MIS
Quarterly, 34(3), pp.523-548.
Tiwana, A. and Konsynski, B., 2011. Complementarities between organizational IT architecture
and governance structure. Information Systems Research, 21(2), pp.288-304.