IT Governance Framework Analysis: Company and University

Verified

Added on 2023/01/12

AI Summary

This assignment delves into the realm of IT governance, exploring the implementation and frameworks within a company setting and comparing it with the IT governance structure of the University of Newcastle. The student analyzes the presence of a formal IT governance framework within their host company, examining policy documents, intranet references, and decision-making bodies. If a formal framework is absent, the student describes the existing processes for ensuring efficiency, control, value, accountability, and responsibility. Alternatively, the assignment involves reviewing the University of Newcastle's IT Governance Framework, providing a summary of its operational aspects. The solution also discusses relevant legislation, such as the Australian Privacy Act 1988 and its amendments, highlighting the importance of data security, mandatory data breach notification schemes, and mitigation strategies against cyber-attacks. The student references key concepts such as Information Security Management System (ISMS) and Information Security Risk Management System, emphasizing the significance of cybersecurity and the protection of information assets. The assignment aims to provide a comprehensive understanding of IT governance principles and their practical application in different organizational contexts.

Running Head: IT governance 0
IT governance
Individual task
Student name
6/5/2019

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IT Governance 1
Solution 1
An organization requires IT governance framework to manage their different business functions
properly. There are different types of IT governance framework available in the market, which are
feasible for maintain different role and responsibilities of an organization, such as COBIT, ITIL, and
PRINCE2, and many others.
IT governance provides many benefits to the employer as well as employees. In addition, it secure rights
of employees and provide them different facilities, such as safety, healthy environment, and many
others ( Pennison, 2016).
In addition, the University of Newcastle implemented IT governance to manage different people and
processes. Therefore, the university manages different things using a hierarchy of different people, who
are responsible for all the processes, as they have rights to manage all those processes.
According to (SFIA, 2019), a firm should manage their resources properly and increase the performance
of people, who are working in their firm. The university adopts IT framework to manage all the things
especially Information assets.
Furthermore, IT governance has created different roles and their responsibility, such as strategic IT
committee (SITC), IT Governance Portfolio Office. Project business leaders (PBLs), IT services, and many
others. However, all those roles and responsibility requires a secure network and cybersecurity to
secure the entire infrastructure (Van Grembergen, 2010).
All those roles are responsible to manage all things but anyone can misuse of their access to get
personal benefits, which is a cause of different cyber-attacks. The university must include Information
Security Management System (ISMS) to protect all information assets and implement Information
Security Risk Management System to prevent whole system from different types of risks (Nfuka & Rusu,
2011).
Solution 2
In Australian, Privacy Act 1988 is applied for information technologies uses on the organization. The
Australian government makes changes in that act in February 2018. This amendment to the Australian

IT Governance 2
Privacy Act 1988 (Privacy Act) gives life to the Mandatory Data Breach Notification Scheme (the Scheme)
on 22 February 2018 (Pal, 2018).
It provides security to the data and information of people and organizations from data breaches and
many other cyber-attacks. Therefore, most of the firm uses the proper channel in the implementation of
IT services in their premises. Moreover, ICT acts are required changes because of huge losses because of
cyber-attacks. It will secure data and information of people from cybercrimes.
The Australian government has made changes in ICT acts. In addition, it provides mitigation strategies to
all the organization to protect their information systems from cyber-attacks.
References
Pennison, A., 2016. Alignment of Enterprise Governance and IT Governance. [Online]
Available at: https://slideplayer.com/slide/3356759/
Nfuka, E. N. & Rusu, L., 2011. The effect of critical success factors on IT governance performance.
[Online]
Available at: https://www.emeraldinsight.com/doi/pdfplus/10.1108/02635571111182773
[Accessed 5 March 2019].
Pal, A., 2018. A Brief Guide to the ICT Security Controls Required by the Australian Privacy Principles and
Mandatory Data Breach Notification Scheme. [Online]
Available at:
https://www.cso.com.au/article/540185/brief_guide_ict_security_controls_required_by_australian_priv
acy_principles/
[Accessed 4 June 2019].
SFIA, 2019. IT governance GOVN. [Online]
Available at: https://www.sfia-online.org/en/framework/sfia-6/skills/strategy-architecture/information-
strategy/it-governance
[Accessed 25 May 2019].
Van Grembergen, W., 2010. From IT Governance to Enterprise Governance of IT: a Journey for creating
Business Value out of IT. Berlin, Springer, pp. 3-3.