Governance has a central role in IT security

A major survey from ISACA confirms the central role that governance plays in information security within large organizations and stresses the fact that 95% of IT professionals within major organizations consider governance to be important.

The study says that two thirds of respondent enterprises have some GEIT activities in place, with the most common being the use of IT policies and standards, followed by the employment of defined and managed IT processes.

The report highlights that the main driver for activities related to GEIT is ensuring that IT functionality aligns with business needs.

“It also shows that the most commonly experienced outcomes are improvements in the management of IT-related risk, as well as communications and relationships between business and IT,” said Rolf von Roessing, international VP of ISACA.

With regulatory compliance now high on the agenda of most corporate boardrooms especially in Europe, where best practice compliance is now a statutory requirement in many areas of business, the report makes some interesting, valid points.

It’s clear, he says, that the right governance enablers can help ensure that the implementation of IT plans within major organizations is as smooth as possible.

“As the report says, it is now a fact of business life that specific events, activities or even crises will arise that require some GEIT objectives to take precedence over others. It is equally important that managers should take a balanced and holistic view of the five GEIT focus areas – strategic alignment, risk management, value delivery, resource management and performance,” said von Roessing.

And, when you dip further into the report, he added, you begin to realize the importance of IT in the management process, as 70 per cent of respondents to the ISACA survey indicated that the head of IT in their organization is also a member of the senior management team.

“More than anything, the results of our survey confirm the significance of IT in many enterprises. However, there is still a lot of work to be done, as researchers have found that it is still common in smaller enterprises for the head of IT not to be on the senior management team,” said von Roessing.

“It is also worth noting that other frequently stated reasons for IT not being on the senior management team are that IT is a support function (32 per cent), and that IT is adequately represented by another member of the senior executive team (32 per cent again),” he added.

“Our in-depth report is a timely indicator that, whilst great strides have been made in helping industry to understand the central role that IT has in a business, IT professionals and security professionals in particular should not rest on their laurels.”

More about

Don't miss