Information System Security
IT governance is a mechanism through which IT is integrated into the business, helping to improve the performance and functioning of the business and the efficient use of its resources. It is a formal process that provides direction for an organization and ensures that IT is used in a way that benefits the organization and meets its objectives. The need for standard IT governance mechanisms arose after several frauds and failures of organizations, which needed a methodology to help them perform better. Recent laws have also made organizations work on risk management and improve compliance, which has resulted in better IT governance.
IT governance covers who takes decisions and how, and how the results and accountability are evaluated. IT governance is being embedded into enterprise governance, making it part of it and making sure it plays a key role in all strategies and in achieving the goals of the organization.
IT governance sets a framework containing best practices.
Commonly used frameworks:
It is a comprehensive framework, used by organizations concentrating on risk management and
It is the "Committee of Sponsoring Organizations of the Treadway Commission (COSO)". The focus here is less on IT and more on business scenarios.
CMMI works on a scale of 1 to 5. It is more focused on the software industry but was later extended to hardware, and it is mostly used for improving performance.
Infrastructure Library. It focuses on the core business components. Service, design and operation are the areas where it concentrates.
I am going to discuss COBIT. COBIT stands for Control Objectives for Information and Related Technology.
ISACA created this framework for IT governance and management. It provides a tool for managers and helps them bridge the gap between business and technical issues. Business managers follow models that help increase the value of the organization. They work on risk management practices associated with IT. Project managers around the world use COBIT in IT business processes. It has standard rules that can be apt for any organization of any kind. COBIT addresses the quality and reliability of information in the organization, which is a major concern for any business.
COBIT is used by government departments and private organizations. It separates governance from management and covers the enterprise end to end. COBIT also has roots in IT auditing, which made it fully support IT governance.
A framework is chosen based on the metrics needed by management, what benefits the organization is getting back from investing in IT, and how the IT departments are working. Some frameworks are designed for specific sectors: CMMI was for software engineering and FAIR for checking cybersecurity threats.
Conclusion: Projects are successful when there is proper communication between the different parties involved. A risk management committee should be formed that includes various sets of leaders; results should be shared openly within the committee, progress monitored regularly, and help provided when needed.