Integrating Internal Control Frameworks for Effective Corporate Information Technology Governance

Ettish, Abdou Ahmed; El-Gazzar, Samir M.; Jacob, Rudolph A.

doi:10.4301/s1807-17752017000300004

“…Information security is not just an implementation of technology; there are other elements involved. Information security consists of technology, processes, and people [9]. Technical measures such as passwords, firewalls, network monitoring, and the likes are not enough to counter threats to information; therefore, organizations must consider a combination of measures to protect their information against theft and harm whether intentional or unintentional [9].…”

Section: Background Of the Studymentioning

confidence: 99%

“…Information security consists of technology, processes, and people [9]. Technical measures such as passwords, firewalls, network monitoring, and the likes are not enough to counter threats to information; therefore, organizations must consider a combination of measures to protect their information against theft and harm whether intentional or unintentional [9]. Processes include things like user registration, deregistration, and organizations must consider people aspects such as compliance, training, and leadership by example instead of just deploying a solution that protects information from theft, loss, or misuse.…”

Section: Background Of the Studymentioning

confidence: 99%

Securing Cloud Computing Through IT Governance

Faizi¹,

Rahman²

2021

ITII

2

0

View full text Add to dashboard Cite

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.

show abstract

“…An information security framework should include comprehensive security for an organization's information. Moreover, researchers have identified components that make up the comprehensive security of information, and how should the organizations go about implementing them [9].…”

Section: Information Security Governancementioning

confidence: 99%

“…Information security needs executive sponsorship. Executive sponsor can help obtain a commitment from an organization's board and its management team [9]. With an active commitment, responsibility, and accountability of the board and the management team, information security becomes an active discussion in meetings of the board and the management team; therefore, this brings greater involvement of the board of directors, management team, and business process owners [61].…”

Section: Information Security Components For It Governancementioning

confidence: 99%

Securing Cloud Computing Through IT Governance

Faizi

¹

,

Rahman

²

2019

View full text Add to dashboard Cite

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.

show abstract

“…Other recent examples of research into the use of IT and corporate governance controls have explored the use of industry frameworks, particularly security and audit frameworks (De Haes & Van Grembergen, 2016;Ettish, El-Gazzar, & Jacob, 2017;Wilkin & Chenhall, 2019).…”

Section: Table Six: Governance Form Characteristicsmentioning

confidence: 99%

Surmounting Boundaries: Closing The Governance Gap Governance Arrangements In Public Sector Ict Shared Services

Williams¹

0

View full text Add to dashboard Cite

<p>Hundreds of millions of dollars of public money have been spent creating Public Sector ICT Shared Services (PSISS) based on expectations of improved customer service and cost reduction. Unfortunately, the promised benefits have often failed to materialise and governance has been identified as a barrier to PSISS success. The research first locates the concerns that governance, and in particular arrangements for governing PSISS, is contributing to PSISS failure in the academic and practice literatures on PSISS governance. Our current knowledge of PSISS governance is principally informed by literature from three domains: management, public administration and information systems. These domains, to an extent, exist in silos with unique traditions, perspectives and knowledge claims. As a result, how it informs the governance of PSISS could be at best unhelpful and even confusing to practitioners. This state of knowledge is not assisted by “how to govern” guides that obscure their different theoretical origins and do not appear to address the complexity of PSISS governance. Despite this apparent lack of coherent frameworks in the academic and practice literatures, practitioners are expected to use this literature to develop governance arrangements and perform effective PSISS governance. This lack of coherence led me to ask my first research question: How do practitioners perceive PSISS governance in practice? Exploring how PSISS governance occurs in practice through the lived experience of PSISS governance practitioners led me to select grounded theory as an appropriate methodology and research design to examine 20 years of governance practice for an electronic identity (E-ID) PSISS in New Zealand. My grounded theory of practice enabled construction of a public sector governance model to explore vertical and collaborative governance arrangements through three perspectives: system strategy, delivery and assurance. The model has been extended to provide a system-wide public sector governance lens, which was used to reflexively explore current academic literature and seven practitioner informed critical public sector governance issues to answer my refined secondary research question: How have governance arrangements addressed critical issues in public sector governance?</p>

show abstract

Integrating Internal Control Frameworks for Effective Corporate Information Technology Governance

Cited by 6 publications

References 11 publications

Securing Cloud Computing Through IT Governance

Securing Cloud Computing Through IT Governance

Securing Cloud Computing Through IT Governance

Surmounting Boundaries: Closing The Governance Gap Governance Arrangements In Public Sector Ict Shared Services

Contact Info

Product

Resources

About