IT Governance, Risk, and Compliance

Dec 22 2012   1:43AM GMT

eBook excerpt: Assuring Information Security – Part IV

Robert Davis Robert Davis Profile: Robert Davis

Usually, a formal ISG program is required to promote information assets safeguarding.  ISG programs should ensure the Control Objectives for Information and related Technology (COBIT) framework confidentiality, integrity, availability, compliance, and reliability information criteria are not compromised through gaps in controls.  Therefore, the information security program and associated systems, processes and activities need to be regularly assessed for quality and compliance with defined requirements.  Monitoring and evaluating information security drives assurances provided or obtained through due care and due diligence as well as enables managerial fiduciary oversight expectations fulfillment.

Whether ISG is considered a distinct governance classification supporting entity governance or a subset of information technology governance (ITG), safeguarding IT normally mandates addressing responsibilities separation and ‘protection-of-information-assets’ to ensure managerial due diligence.  Typically, safeguarding information assets translates into ensuring resources are acquired, utilized and disposed of in accordance with proper procedures and approvals.  If ISG is misaligned with entity-governance and ITG; financial, legal, operational and reputational risks can escalate beyond demarcated tolerance levels.  In fact, a functional entity’s very existence may be dependent on how well it safeguards assets utilized in achieving the adopted organizational mission.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: