Why should stakeholders be involved in IT Governance?
Different stakeholders play different roles in IT governance. Stakeholders include investors, providers and controllers (ISACA, 2011). Investors include business partners, business management, and IT management. They are important because they provide funding, and they want to ensure that their investment is made in line with their strategic objectives. Controllers include external and internal audit officers, human resources, finance, and risk and compliance officers (ISACA, 2011). These stakeholders monitor risk and ensure that IT governance complies with regulatory and legal requirements. Providers ensure the provision of procurement supplies. Further, they ensure that customer expectations are met while enhancing the reputation of the organization (ISACA, 2011). Alignment of customers' and stakeholders' expectations is essential for ensuring cooperative success (Huang, 2007). IT governance facilitates decisions and IT policies that ensure stakeholders' expectations are met.
Impacts of IT Governance
According to Whitman and Mattord (2011), IT governance refers to the application of principles of corporate governance, such as provision of strategic direction by executive management, accomplishment of organizational objectives and management of risks, to ensure that resources are utilized responsibly. The increasing adoption of different technologies has increased the need for organizations to protect their information and assets. IT governance provides a form of control over the organization's investments and assets. Through IT governance, different functions in an organization can be separated and assigned to different personnel. IT governance occurs via a variety of methods involving processes, structures, and procedures. Managers need to understand that the rules and objectives of IT governance are aimed at achieving business success (ISACA, 2012). In any business, risk is a vital component. For managers to be able to mitigate risks, the application of IT risk frameworks in decision-making is essential. COBIT provides a system for effective management of IT-related risks (ISACA, 2012). An IT governance framework provides an implementation plan for the advancement of security practices. A governance framework will define different tasks for the different members of an organization. Senior management offers the way forward on the best approach to implementing security practices (Business Software Alliance, n.d.).
What is the role of IT security professionals in terms of governance?
Threats to information security have considerably increased in today's IT world. This has necessitated a drastic change in the roles of IT security professionals to protect private or sensitive information from unauthorized access and disclosure. IT security professionals implement any technical changes needed to elevate the security level of a firm's information system. They should then explain to senior management the meaning or main purpose of such changes (Batten, 2008).
Theft of laptops, external hard drives and other portable digital devices has led to the loss of personal and sometimes vital information. This has become a common occurrence in public places like classrooms and libraries. IT security professionals can institute protective measures such as password or fingerprint checks, without which the device cannot be accessed.
According to Calder and Watkins (2012), IT security involves the establishment of certain standards that have to be adhered to for the effective and smooth flow of activities. These policies usually carry consequences so that employees take them seriously. Such policies, therefore, govern the whole firm. They describe the necessity of carrying out certain activities. Rules for creating, constructing and changing passwords are clearly described by IT professionals.
IT professionals have a duty to come up with new and more secure policies over time. This is because technological changes make information systems more prone to security breaches, hence the need to upgrade security systems. However, prior to implementation of a new policy, sufficient research should be done to determine possible impacts, including a thorough comparison of pros and cons (Calder and Watkins, 2012).
IT security professionals focus on ensuring that unauthorized persons do not access, modify, or disrupt a firm's information systems. By doing so, they promote the availability and confidentiality of information. This is central to efficient governance of a firm.
References
Business Software Alliance. (n.d.). Information Security Governance: Toward a Framework for Action. Retrieved from http://www.bsa.org/country/Research%20and%20Statistics/~/media/BD05BC8FF0F04CBD9D76460B4BED0E67.ashx
Batten, L. (2008). IT Security Management 100 Success Secrets - 100 Most Asked Questions: The Missing IT Security Management Control, Plan, Implementation, and Evaluation. New York: Lulu.com.
Calder, A., & Watkins, S. (2012). IT Governance: An International Guide to Data Security and ISO27001/ISO27002. London: Kogan Page Publishers.
CGEIT review manual 2011. (2011). Rolling Meadows, IL: Information Systems Audit and Control Association.
Huang, R. R. (2007). Aligning Stakeholders' Expectations: The Roles of IT Governance and an Organizing Vision. Oklahoma: ProQuest.
ISACA (2012). COBIT Framework for IT Governance and Control. Available at http://www.isaca.org/Knowledge-Center/cobit/Pages/Overview.aspx
IT Governance Institute (2008). Unlocking Value: An Executive Primer on the Critical Role of IT Governance. Available at http://www.isaca.org/KnowledgeCenter/Research/Documents/Unlocking-Value-VerPost-12Nov08-Research.pdf
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security (4th Ed.). Boston, MA: Course Technology.