IT Governance Report: Implementing IT Security Governance Program


Added on  2022/09/09

AI Summary
This report focuses on the implementation of an IT governance program for Information Security Managers, addressing the need to comply with regulations like the Sarbanes-Oxley Act. The report outlines the process of developing an IT governance program, which includes assessing the current business state, conducting risk and value analysis, and establishing a framework for IT governance. It emphasizes the importance of strategic alignment, risk management, and business value. The report also lists the steps required to design and implement the IT governance program, including involving the leadership team, establishing a cross-functional committee, developing a comprehensive policy, and understanding that IT governance is an ongoing initiative. Furthermore, it details the importance of establishing a baseline and measuring the improvement using KPIs. The report concludes by emphasizing the need for transparency and providing a roadmap for IT governance within the organization.
IT Governance for Information Security Managers
Name: CLEMENT O AKINTADE
Course Code: ITAS469
Instructor Name: Joseph D. Gradecki
Unit Number: Unit 1
Date: 04-02-2020
The business case for implementing a formal IT governance program
Problem: The organization has come under repeated scrutiny from external moderators as a result of the Sarbanes-Oxley Act (SOX) and other federal regulations that apply to the business.
Solution: The organization needs to develop an IT governance program for its Information Security Managers, established on the basis of an analysis of the current organizational scenario.
Approach: The CIO would assess the scenario and then discuss the trade-offs that business operations must make to implement a stronger IT control system. Business operations would be set up with improved measurement, followed by a list of the steps for designing and implementing the IT governance program and an analysis of the risk and value of the implementation plan.
Risk Assessment: The risk assessment would be followed by an analysis of the steps to be taken, the issues they could create, and their positive and negative impact. This would help in developing a mitigation strategy for the negative risks.
Value Analysis: The benefits added to the business, together with the value added to customer services, form the value of the implementation.
The outcomes of effective security governance
Strategic alignment
Delivery of good business value
Proper management of risk analysis and implementation of mitigation strategies
Proper and appropriate measurement of performances
Resource Management
Business integration
Some “trade-offs” that business operations may need to make to have a stronger system of IT controls
Aligning the business system, selected through the right governance model, at the very top of the business plan led by the CIO.
Aligning the IT governance policies with the current business organization model.
Working within the resources currently available in the business organization.
Analyzing operations using a balanced scorecard and key performance indicators (KPIs).
Developing a tactical cybersecurity framework.
Establishing the baseline and measuring the improvement
A systematic model for information security governance needs to be established to ensure the continuity plan for the business, with influencing principles established within the organization according to the use of the cyber world embodied in the viable system model.
Effective control of internal operations would establish the baseline for security governance for business continuity.
Measuring the improvement from security governance relies on a standard approach with clearly defined units such as hourly cost, budget, incidents, and measurement strategy implementation.
Listing of steps to design and implement IT governance program
Assessing the current business state using business maturity models, and being completely honest about the maturity of the organization during the assessment.
Involving the leadership team in the IT governance system to earn their support for demonstrating the program and reducing risk.
Establishing a cross-functional committee.
Developing a clear and comprehensive policy.
Understanding that IT governance is an ongoing initiative, not a project with a closure phase or a one-time approach.
Outlining the course on IT governance for the organization.
Establishing the IT governance plan.
Aiming for short-term governance objectives and analyzing the achievements.
Establishing the IT governance roadmap for the organization.
Enhancing the transparency of IT governance.