ISACA JOURNAL VOLUME 3, 2015
With new technology supporting all areas of life, management increasingly needs to evaluate the areas of risk and concern that it must be aware of and address within the business. Recent studies on IT risk areas indicate the following areas of concern: the rising strategic importance of corporate information and data,¹ data governance and data quality in support of broader business audit review, recent systems failures that impacted retail banking customers,² concerns over increased regulation, and insufficient preparation for cyberthreats.³ These same studies support the proposal that one of the best ways to address these issues is a greater focus on IT governance.
IT Security Governance Innovations discusses a variety of academic studies in the areas of IT security governance and security standards, and it has information on guidelines in IT security governance and IT security governance innovations. This research forms the foundational groundwork to understand IT security governance, and it demonstrates how these concepts have been applied in different industries around the world.
This reference book appeals to researchers and more experienced professionals, as the subjects and techniques in the book form a solid basis to help readers make good decisions and apply effective security governance practices. The book is a compilation of 11 different studies from researchers associated with universities around the world. The first part looks at security governance frameworks, the next examines enterprise-level security governance practices, and the final part explores the most recent issues in information and security governance.
The book’s strengths lie in its deep exploration of a wide range of IT security governance topics that will be of interest to a variety of professionals across industry verticals. Topics include a comparison of information security frameworks, IT security governance in e-banking, IT security governance legal issues, IT service management, assessing the maturity of the COBIT® framework, adoption of ISO 27001 and more.
These detailed studies may be relevant to a wide range of IS audit, security, risk and governance professionals; however, those who are less seasoned in the field may find the book to be an interesting read but too technical in nature. Professionals who have worked across different industries and implemented different frameworks but never had the time to do an in-depth comparison will find that this book answers many of their questions and provides insights and guidance on contemporary well-studied approaches for a variety of modern IT security and governance areas.
As technology in the world progressively increases, governance and security systems also need to become progressively more sophisticated, to have well-supported solutions and to rely upon industry standard frameworks that have been pragmatically applied to the individual organization. IT Security Governance Innovations will help readers better support their organizations in achieving these goals.
EDITOR’S NOTE
IT Security Governance Innovations: Theory and Research is available from the ISACA® Bookstore. For information, see the ISACA Bookstore Supplement in this issue of the Journal, visit www.isaca.org/bookstore, email bookstore@isaca.org or telephone +1.847.660.5650.
ENDNOTES
1 Kann, Ronnie; et al.; “2015 IT Audit Plan Hot Spots,” CEB Audit Leadership Council, 1 November 2014, https://www.executiveboard.com/
2 Sobers, Mike; et al.; “Under Control 2015 Hot Topics for IT Internal Audit in Financial Services,” Deloitte UK LLP, 1 January 2014, www2.deloitte.com
3 Protiviti, “Cybersecurity Concerns Rise as a Risk Factor for Board Members and Senior Executives in 2015,” www.prnewswire.com/news-releases/cybersecurity-concerns-rise-as-a-risk-factor-for-board-members-and-senior-executives-in-2015-300032571.html
By Daniel Mellado, Luis Enrique Sanchez, Eduardo Fernandez-Medina and Mario Piattini
Reviewed by A. Krista Kivisild, CISA, CA, CPA, who has experience in IT audit, governance, compliance/regulatory auditing, value-for-money auditing and operational auditing in government, private companies and public organizations. She has served as a volunteer instructor, worked with the Alberta (Canada) Government Board Development Program, and served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter.
IT Security Governance Innovations—Theory and Research