Distinction and Need for Governance at All Three Levels: Corporate, IT, Info Security Term Paper
- Length: 13 pages
- Sources: 15
- Subject: Business
- Type: Term Paper
- Paper: #78541028
Excerpt from Term Paper:
Corporate governance, IT Governance and Information Security Governance
IS 8310 Governance, Risk Management and Compliance
Governance is the process of empowering leaders to implement rules that are enforceable and amendable. For a comprehensive understanding of the term 'governance', it is essential to identify the leaders, the set of rules, and the various positions that leaders govern. Corporate governance, IT governance and Information Security governance are each linked to certain compliance systems while focusing on information security and privacy issues in the organization. This work distinguishes between the three terms, identifies how they relate to each other, and shows how efforts to comply with each system can be leveraged to apply to the others.
Governance is the process of empowering leaders to implement rules that are enforceable and amendable. Therefore, for a comprehensive understanding of the term 'governance', it is critical to categorize the leaders, the set of rules, and the various positions that leaders govern. For successful completion of this paper, it is essential to discuss corporate governance, IT governance and Information Security governance. Corporate governance is the process by which leaders direct and control corporations. In executing good governance, the board members together with the executive management aim at providing strategic direction by carrying out their routine duties responsibly (Photopoulos, 2008).
They also ascertain appropriate management of corporate risks that arise unpredictably. Finally, corporate governance ascertains responsible utilization of company resources. IT governance comprises leadership, company structures and procedures. The three elements ascertain that the company's Information Technology maintains and broadens the strategies and intentions of the company. Information Security governance has similar functions to IT governance; however, it preserves the confidentiality and reliability of classified data in the company. Therefore, for organizations to secure their information systems and empower their security systems, it is essential for them to integrate information security into corporate governance (Gartner, 2010).
Most organizations, such as TechNet, view information security as a complex matter, but that is not the case. When organizations make a major initiative to protect their information assets, executive management must consider information security a significant part of organizational operations. The effective way of accomplishing such an objective is integrating it with the other internal controls and processes that comprise corporate governance. The following recommendations emphasize the need to integrate Information Security governance in TechNet with other control systems.
1) TechNet should incorporate Information Security governance to establish cyber security into its corporate governance procedures.
2) TechNet should indicate its devotion to Information Security governance by affirming its intention of relating with corporate governance in evaluating its performance, and should provide the report to the board members.
3) Companies that embrace a corporate governance program should indicate their devotion to Information Security governance by voluntarily showing their interest on their company website.
Efficient Information Security governance requires incessant improvement for successful performance. The recommendations provide a strong foundation for organizations that intend to empower their Information Security governance. However, application of these suggestions is only a starting point for safeguarding information systems and empowering TechNet's security measures. This paper seeks to encourage organizations to prioritize corporate governance, IT governance and Information Security governance procedures and to create awareness of the need for governance in organizations (Biegelman & Bartow, 2006).
2. CORPORATE GOVERNANCE
Corporate governance entails organizational principles that describe the link that exists between the stakeholders, the executive and the board members. These principles affect how the organization operates. At the most fundamental level, corporate governance focuses on matters that define organizational ownership and management. However, it extends its function by showing a clear connection between the stakeholders and the executive. Organizations with strong governance policies offer effective access to assets and support economic development. In addition, corporate governance extends its functions to dealing with social and institutional challenges (Rasmussen, 2010).
Good governance addresses issues that embrace the significance of justice, precision, liability, and accountability to shareholders and investors. An effective and morally governed business requires efficient internal governance and a favorable corporate environment. Thus, aspects such as secure company assets, an operating judiciary and liberty are fundamental to translating the corporate governance set of rules into feasible practices. Furthermore, effective corporate governance ascertains fairness and transparency in the organizational environment, and that organizations accept liability for actions committed against the policies. Consequently, ineffective corporate governance results in injustice, embezzlement of funds, dishonesty and misuse of resources. The board of directors assumes the responsibility for bad corporate governance. The affairs and the general performance of the company lie in the hands of the boardroom (Basri, 2008).
However, the corporate laws and regulations empower the boardroom to delegate some of the duties to the committee members. For effective performance, corporate governance sub-delegates some duties to other smaller governances dealing with finances, human resources and Information Technology as shown in Figure 1.
[Figure 1. Surviving label: Human Resource Governance]
2.1. CORPORATE GOVERNANCE METHODOLOGY
2.1.1. International Financial Corporation Corporate Governance
The company develops an International Financial Corporation (IFC) methodology in implementing corporate governance in the company. This methodology establishes a collaborative affiliation with stakeholders and relates with them in enhancing governance practices. This is achievable by mainstreaming corporate governance evaluation in investment procedures for every IFC operation by employing the IFC Corporate Governance method. In essence, the International Financial Corporation governance approach is the procedure used by companies in evaluating corporate governance structures, principles and procedures through the application of appropriate tools. Every evaluation is company-specific, to ascertain a feasible approach to corporate governance (Basri, 2008).
This approach serves as a basis for the approach of the corporate governance development structure. In all IFC business deals, it becomes impossible for IFC members to carry out an appropriate assessment without assessing and making sound decisions on financial stakeholder rights; liability and the boardroom; and the internal control system, precision and disclosure guidelines. The executive management must understand the core issues of corporate governance and invent approaches for the safety of stakeholders and shareholders. Employing the IFC methodology allows effective management of corporate governance related threats, enhances the capacity to deliver valuable advice to shareholders, and develops stronger collaborations with shareholders. Therefore, employing corporate governance evaluations in IFC operations is essential in improving the business decision-making procedure.
3. IT GOVERNANCE
IT governance deals particularly with IT systems, their functioning and risk management. The primary intentions of managing information technology systems are ensuring that the system engenders business significance and alleviates the threats linked with it. This is achievable by implementing company structures with defined roles for the liability of information, business procedures and infrastructure. IT governance requires ascertaining that the resources in IT create value-reward and alleviate IT-connected risks, avoiding business failure (Schwalby, 2011).
Information is imperative to company success, that is, to valuable and competent delivery of services and goods. The transformation process, generally known as "business change," is the key enabler of new business strategies in private and public organizations. Business transformation provides numerous rewards; however, it is susceptible to several risks, which may hinder business processes and cause unplanned outcomes. In essence, IT governance forms part of corporate governance by ascertaining that IT objectives are achieved and risks alleviated, so that IT creates value to maintain development in the organization (Huang, Zmud & Price, 2010).
3.1 Using COBIT Methodology in IT governance
IT governance assumes a vital significance in contemporary organizations whereby Information Technology business operations are fundamental. Furthermore, the company depends on information, systems and advanced technologies to develop. Even though technology advancement may enhance various company processes, cut down costs and change company practices, it also carries heavy risks. Successful companies are capable of identifying and managing such risks by employing a methodology that allows organizations to manage the risks and increase transparency in business operations (Matwyshyn, 2009).
IT governance is relevant to companies to ascertain conformity, IT alignment, positive return on IT business deals, enhanced security, risk management and so forth. For these reasons, companies must improve the IT system in order to streamline all the business operations. Executing IT governance is a challenging task unless the company implements IT control using the COBIT framework. COBIT is a powerful, updated global set of generally established IT management good practices and control objectives meant for executive management, IT experts and auditors (Barnhizer, 2006).
4. CORPORATE GOVERNANCE AND IT GOVERNANCE
Evaluation of corporate governance has a direct or indirect influence on IT and the control of IT governance. In addition, in a technology-driven business, corporate governance relies on IT governance for successful execution of business processes. The board of directors and the executive management are accountable for IT governance. In circumstances where Chief Executive Officers face criminal charges for defying corporate governance, IT governance becomes accountable for business operations. Board members play different roles to ascertain the success of the company, and they delegate some roles to other members (Adegbite, 2012). IT governance consists of other forms of smaller governances, which include performance and ability governance, network governance and Information Security governance, as shown in Figure 2 below.