This case study looks into the importance of incorporating security into the governance of enterprises. Corporate governance is defined as the set of policies and abilities used to control and manage organizations. Security is vital for enterprises in matters pertaining to risk management, for defensible management actions, and for establishing a control position that shows their actions are in line with the wishes of the stakeholders and the various shareholders while complying with the requirements stipulated by the regulators. The Scott (2010) research was further tailored to help not only the governors of institutions and organizations but also the government, with regard to measures that were viewed as duplicating efforts already put in place.
Background
These studies were carried out in various organizations and institutions, with the aim of seeing how they tackle corporate governance for their information systems security. They were also intended to depict the true nature of IT organizations.
Methodology
The teams tasked with carrying out these studies did so mainly by questioning the members of the organizations and by developing a governance assessment tool, which was created to help the governors of the institutions evaluate the various fields that relate to information security governance in their institutions. In the Corporate Governance Task Force (2004) study, the researchers carried out the research through the governors of the institution and not the other members of the organization. The other method used by the teams was having in place various questions that they were supposed to answer. In addition to these methods, the research carried out by Entrust (2004) was meant to compare the findings of another study and to determine whether they would be applicable in their organization.
Results
Smith M (2010)
In addition, the findings from the research indicated that, when it comes to corporate governance, risk management and compliance, the government has put in place various measures that are at times repetitive in tackling some of the issues that come their way. An example is the FCPA, which has in place various regulations that prohibit bribery and unethical behavior by officers.
The research results also indicated that, when it comes to IT security, governance is most of the time in the hands of the governors of the organization. They are the ones who are supposed to have in place the measures they deem best in these situations. Further, when it came to governance, the results showed the importance of including the various stakeholders in the decision-making processes.
Entrust (2004)
Corporate Governance Task Force (2004)
The research was able to prove that the annual budget of the organizations was not in good proportion to the population of the institution. In addition, the results showed that a high percentage of the population depended on technology in carrying out their day-to-day activities. Further, the research showed that, when it comes to risk management, the institution had not really put in place risk management plans that would help it in cases of cybercrime and the like.
Discussion
These studies were meant to show the importance of technology in business and to bring out the role of governance pertaining to IT. From the findings, it was clear that technology is very important in business, and it is advisable for the members of the governing committee to have in place various steps to acquire or improve their organization’s technology. However, it was noted that the members must be ready, since at times the costly venture may not bear fruit as they desire.
In addition, it was realised that it is critical to have the stakeholders on the governing committee. If the company experiences a loss, it will in most instances be required to give an account of why it took that step; however, if the stakeholders’ representative was on the governing committee, the decision will be considered a mutual one, and the stakeholders will at least have been given a chance to air their views on the decision.
Recommendations
For organizations to function better in matters pertaining to IT corporate governance, it will be helpful if they take the following measures:
Have in place training sessions that will help the members of the organization learn how to make the best use of the procured devices.
The governance team should include representatives from the stakeholders’ side, so as to give them a chance to air their views.
The security professionals must have in place the measures they deem best for the organization they are manning, so that the business is protected from any cyber-attack or any loss that comes about due to the fact that the technology procured does not meet the desired standards.
Implementation
Implementing corporate governance in the field of IT will only be possible if the managers of the various organizations agree to implement the stipulated propositions. Various seminars and workshops must therefore be organized in order to educate the managers and departmental heads on the importance of corporate governance in the day-to-day running of their organizations.
References
Corporate Governance Task Force. (2004). Information Security Governance. Assessment tool for Higher Education, 1-10. https://www.entrust.com/wp-content/uploads/2013/05/ITgovtaskforce.pdf
Entrust. (2004). A Case Study: Entrust. Implementing Information Security Governance, 1-12. https://www.entrust.com/wp-content/uploads/2013/05/case_entrust_isg_july04.pdf
Isaca. (2010). Cobit Online. Retrieved June 04, 2016, from Isaca: http://www.isaca.org/Knowledge-Center/cobit/Documents/CobiT-Products.pdf
Scott M, G. (2010). Applying Information Security and Privacy. Principles to Governance, Risk Management and Compliance, 2-24. https://www.sans.org/reading-room/whitepapers/compliance/applying-information-security-privacy-principles-governance-risk-management-complianc-33518