Module- Case: CORPORATE GOVERNANCE FOR INFORMATION SYSTEMS SECURITY
Assignment Overview
Based on the concepts provided in the module home page, we can say that IT corporate governance is necessary for enterprise risk management, for defensible management practices, and to establish a control position in a way that an organization can demonstrate prudence and is held accountable to shareholders, stakeholders, and regulators.
The following documents have a description of the principles of IT governance and information security governance both from a very practical and regulatory perspectives. In this case assignment, please read first the following reports:
ISACA (2012). COBIT Framework for IT Governance and Control.
IT_Governance_Institute (2008). Unlocking Value: An Executive Primer on the Critical Role of IT Governance.
Business_Software_Alliance. (n.d.). Information Security Governance: Toward a Framework for Action. Retrieved from the World Wide Web:
Case Assignment
When you've read through the material noted above and other related material, please compose a short (3-4 pages without counting the cover and references) paper on the topic:
Why should organizations incorporate security into their governance efforts?
In preparing your paper, you may wish to think about the following issues:
• What are the security governance principles?
• Why should stakeholders be involved in IT governance?
• How would you explain and recommend IT governance to managers
• What is the role of IT security professionals in terms of governance?
• Please make sure you address these questions and then integrate your thoughts into a well-organized answer to the primary question.