CIS Lec2

This document provides an overview of IT governance and information security governance. It discusses how governance relates to stakeholders, strategic positioning, IT value delivery, and risk management. The goals of governance are to align IT with business goals, comprehensively manage risks, optimize investments, and effectively manage resources and performance. Information security governance should be driven by principles of confidentiality, integrity, and availability, and supported by executive management.
Copyright
© Attribution Non-Commercial (BY-NC)

CIS Lecture No. 2: IT Governance

Governance
Corporate governance
Information security governance

Governance Relationship Structure

The governance relationship structure consists of five elements, each covered below:
- Value to stakeholders
- Strategic Positioning
- IT Value Delivery
- Risk Management
- Performance Management

1. Value to stakeholders
Stakeholders to whom governance must deliver value:
- Owners/Investors
- Management
- Employees
- Customers
- Creditors
- Government
- Public

2. Strategic Positioning
The information system sits at the centre of the enterprise, serving both the internal business functions and the external stakeholders:
- Internal functions: Marketing, Finance, Production, Accounting, Distribution
- External stakeholders: Owners/Investors, Creditors, Public, Government, Customers

3. IT Value Delivery (Business-focused)
The COBIT value-delivery cycle: Business Requirements drive investments in IT Resources, which are used by IT Processes, to deliver Enterprise Information, which in turn responds to the Business Requirements.

4. Risk Management Responsibility
- Eliminate or minimize exposure to civil and legal liability
- Ensure accountability for critical information during transition periods
- Provide assurance of policy compliance
- Enhance business operations continuity
- Provide a foundation for risk management, process enhancement and fast incident response procedures
- Optimize the allocation of limited resources
- Ensure that important decisions are made on accurate data and in a timely manner

5. Performance Management Practices and Procedures
- Align information with enterprise goals
- SWOT analysis
- Resource management and risk management
- Understand the role of auditing in governance
- Timely and sufficient reporting
- Create an IT strategy committee

Information Security Governance

- CIA driven (confidentiality, integrity, availability)
- Governance should be supported at the highest level
- Key considerations: complexity, criticality, importance
- Goes beyond protection of the IT system
- Responsibility of the board of directors and executive management

Results
- Strategic link to business and organizational objectives
- Comprehensive risk management
- Optimized investments
- Resource management
- KPI reports

References
- Dull, Gelinas and Wheeler (2012). Accounting Information Systems, 2nd ed. Cengage Learning.
- J.A. Hall (2011). Information Technology Auditing and Assurance. Cengage Learning.
- Schou and Shoemaker (2009). Information Assurance for the Enterprise. McGraw-Hill.
- COBIT: Framework for IT Governance.
- COSO-ERM.
