Review of ISG Assessment Tool:
The information security governance (ISG) assessment tool is a framework designed to help companies measure the extent to which they have implemented their information security governance framework at the strategic level within the organization (Corporate Governance Task Force Report, 2004). Many tools are available to address information security issues at the operational and tactical levels, but the ISG tool addresses the corporate governance issue. Information security issues have often been considered technical issues, but over the last few years it has been established that more must be done to ensure that effective information security programs are put into place (Applied Trust, 2016). Among the many issues encompassed in this information agenda is governance. Governance generally refers to dealing with the critical aspects of a business and presenting these aspects transparently to the stakeholders (Kumar & Zattoni, 2014).
Information technology as we know it is not simply confined to the use of technological tools controlled by a knowledgeable few, but in essence includes a huge collection of electronic information that creates a virtual world within which corporations exist. This data can originate from anywhere in the electronic field. Because the data is handled by a large populace, it is at huge risk, and this is where governance comes in. Governance is therefore used to provide both the accountability and the oversight needed to mitigate these risks. Management, which plays a vital role in governance, is responsible for ensuring that the controls put forth are adequately implemented so that the risks are mitigated (Von Solms & Von Solms, 2009).
In assessing the tool, it is evident that it clearly highlights the fact that information security issues are not only technical but, to a large extent, rely heavily on an organization's governance structure. This is because the entire tool is dedicated to evaluating the people and process components of information security while ignoring the technological aspect entirely (Corporate Governance Task Force Report, 2004).
My experience in studying information security governance has been eye-opening because it has changed my perception from viewing information technology as being involved only with technology. The assessment of my company revealed that indeed a company utilizes IT as a very powerful tool towards the achievement of its important objectives. During the course of my study of this module, I got a chance to choose a company and use the ISG tool that was provided, which helped me understand the importance of governance in information technology.
The company, which I assessed directly, employs IT in the full automation of its supply chain management. However, there have been challenges in fully employing the technology as fears rise in terms of security of data among other technical uncertainties. This only goes to show that there is much disconnect between the IT experts and the business leaders because many times the business leaders may not understand the full potential of IT-enabled innovations. On the other hand, IT experts do not get the business requirements of fully employing technologies in running businesses. Below this overview, I have been able to develop a strong urge to reconcile these different perceptions by understanding that in a highly networked economy, technology and business opportunities go hand in hand. It is thus imperative that business leaders pay keen attention to IT while assessing how heavily their enterprises rely on it for the critical execution of a company’s business strategy. The use of this tool has been a great experience in learning the intricacies of governance issues and IT.
References
Applied Trust (2016). Every Company Needs to Have an Information Security Program. Retrieved 15 June 2016, from https://www.appliedtrust.com/resources/security/every-company-needs-to-have-a-security-program
Corporate Governance Task Force Report (2004). Information Security Governance: A Call to Action. Retrieved 15 June 2016, from http://docplayer.net/585056-Corporate-governance-task-force-report-information-security-governance-a-call-to-action-i-s-g.html
Kumar, P. & Zattoni, A. (2014). Corporate Governance, Information, and Investor Confidence. Corporate Governance: An International Review, 22(6), 437-439. http://dx.doi.org/10.1111/corg.12094
Von Solms, S. & Von Solms, R. (2009). Information security governance. New York, NY: Springer, 26-35. Retrieved 15 June 2016, from https://books.google.co.ke/books?id=PO9xjtfAnoEC&printsec=frontcover&dq=Information+security+governance.&hl=en&sa=X&redir_esc=y#v=onepage&q=Information%20security%20governance.&f=false