ISACA JOURNAL VOLUME 3, 2015
With new technology supporting all areas of life, management increasingly needs to evaluate the areas of risk and concern that they need to be aware of and address within the business. Recent studies on IT risk areas indicate the following areas of concern: the rising strategic importance of corporate information and data,[1] data governance and data quality in support of broader business audit review, recent systems failures that impacted retail banking customers,[2] concerns over increased regulation, and insufficient preparation for cyberthreats.[3] These same studies support the proposal that one of the best ways to address these issues is a greater focus on IT governance.
IT Security Governance Innovations discusses a variety of academic studies in the areas of IT security governance and security standards, and it has information on guidelines in IT security governance and IT security governance innovations. This research forms the foundational groundwork to understand IT security governance, and it demonstrates how these concepts have been applied in different industries around the world.
This reference book appeals to researchers and more experienced professionals, as the subjects and techniques in the book form a solid basis to help readers make good decisions and apply effective security governance practices. A compilation of 11 different studies from researchers associated with universities around the world, the first part of the book looks at security governance frameworks, the next examines enterprise-level security governance practices, and, finally, there is an exploration of the most recent issues in information and security governance.
The book’s strengths lie in its deep exploration of a wide range of IT security governance topics that will be of interest to a variety of professionals across industry verticals. Topics include a comparison of information security frameworks, IT security governance in e-banking, IT security governance legal issues, IT service management, assessing the maturity of the COBIT® framework, adoption of ISO 27001 and more.
These detailed studies may be relevant to a wide range of IS audit, security, risk and governance professionals; however, those who are less seasoned in the field may find the book to be an interesting read but too technical in nature. Professionals who have worked across different industries and implemented different frameworks but never had the time to do an in-depth comparison will find that this book answers many of their questions and provides insights and guidance on contemporary well-studied approaches for a variety of modern IT security and governance areas.
Progressively increasing technology in the world requires governance and security systems to also become progressively more sophisticated, to have well-supported solutions and to rely upon industry standard frameworks that have been pragmatically applied to the individual organization. IT Security Governance Innovations will help readers better support their organizations in achieving these goals.

EDITOR’S NOTE
IT Security Governance Innovations: Theory and Research is available from the ISACA® Bookstore. For information, see the ISACA Bookstore Supplement in this issue of the Journal, visit www.isaca.org/bookstore, email bookstore@isaca.org or telephone +1.847.660.5650.

ENDNOTES
[1] Kann, Ronnie; et al.; “2015 IT Audit Plan Hot Spots,” CEB Audit Leadership Council, 1 November 2014, https://www.executiveboard.com/
[2] Sobers, Mike; et al.; “Under Control 2015 Hot Topics for IT Internal Audit in Financial Services,” Deloitte UK LLP, 1 January 2014, www2.deloitte.com
[3] Protiviti, “Cybersecurity Concerns Rise as a Risk Factor for Board Members and Senior Executives in 2015,” www.prnewswire.com/news-releases/cybersecurity-concerns-rise-as-a-risk-factor-for-board-members-and-senior-executives-in-2015-300032571.html

By Daniel Mellado, Luis Enrique Sanchez, Eduardo Fernandez-Medina and Mario Piattini
Reviewed by A. Krista Kivisild, CISA, CA, CPA, who has experience in IT audit, governance, compliance/regulatory auditing, value-for-money auditing and operational auditing in government, private companies and public organizations. She has served as a volunteer instructor, worked with the Alberta (Canada) Government Board Development Program, and served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter.

IT Security Governance Innovations—Theory and Research