IT Governance, Risk, and Compliance

Jan 3 2013   1:35AM GMT

eBook excerpt: Assuring Information Security – Part VII

Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Compliance demonstrates acceptance of expected behavior. Legal compliance is an essential management fiduciary responsibility; however, it is not enough to ensure an adequate control environment. Derivatively, an entity’s established information control environment must achieve dynamic homeostasis or risk managerial chaos. Therefore, ISG should be installed to convey management’s control environment attitude, awareness, and actions. In particular, ISG management should ensure an adequate IAP program is deployed. For example, regarding potential repercussions, management’s failure to commit sufficient resources to addressing IT security risks may adversely affect deployed controls by permitting improper changes to computer objects, or by permitting unauthorized transaction processing that negatively impacts business decisions.
