The world is changing rapidly and cyber threats are becoming more frequent and severe. Most cyber attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organisations.
While most organisations believe that their information security systems are secure, often the reality is that they are not.
Faced with these increasing information security threats, organisations have an urgent need to adopt IT governance best practice strategies.
What is IT governance?
April’s book of the month, IT Governance – An International Guide to Data Security and ISO27001/ISO27002, defines IT governance as:
“the framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensures that the organization’s information systems support and enable the achievement of its strategies and objectives”
There are three widely recognised frameworks that are associated with IT governance, each of which has significant strengths:
- ITIL® is a library of best-practice processes for IT service management and is supported by ISO/IEC 20000:2011. It is based around a five-phase service lifecycle: service strategy, service design, service transition, service operation and continual service improvement.
- COBIT® is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals.
- ISO 27002 provides comprehensive implementation guidance to ISO 27001, the international standard providing the specifications for a best-practice information security management system (ISMS). An ISMS is a systematic approach to making sure that confidential or sensitive information remains secure.
By asking yourself whether your IT investments align with your business objectives, you will be able to gauge the adequacy of your current IT governance arrangements.
Drivers for adopting IT governance strategies
IT Governance – An International Guide to Data Security and ISO27001/ISO27002 identifies, and expands upon, five specific drivers for UK organisations to adopt IT governance strategies:
- The requirements of the UK Corporate Governance Code (formerly known as the Combined Code) and the Risk Guidance.
- The increasing intellectual capital value that the organisation has at risk.
- The need to align technology projects with strategic organisational goals, and to ensure they deliver value.
- The rapid increase and complexity of threats to information and information security and the consequent potential impacts on reputation, revenue and profitability.
- The increase in compliance requirements of information- and privacy-related regulation.
Guidance on implementing an effective governance system
April’s book of the month, IT Governance – An International Guide to Data Security and ISO27001/ISO27002, is a bestselling book providing internationally applicable guidance to implementing an effective ISMS, which automatically implies strong governance.
Written by ISO 27001 experts Alan Calder and Steve Watkins, this definitive compliance guide demonstrates how to:
- Enhance your organisation’s defences with an ISO 27001-compliant ISMS;
- Design and implement a robust governance system that covers all aspects of data protection and information security; and
- Defend your organisation against sophisticated and persistent cyber threats.