Introduction
Corporate governance is the mechanism by which organizations are controlled and directed. In a competitive world, the organization with the best information on which to base its decisions is the more likely to succeed (Johnston & Hale, 2009). Structuring enterprise governance is therefore essential for any information technology firm when it evaluates the frameworks and standards it operates under. Done correctly, corporate governance can yield invaluable benefits for the organization (Williams, 2001). The significance of information security within corporate governance is not a new concept. Information security covers the definition, achievement and maintenance of the integrity, confidentiality and reliability of the company's information. This paper reviews the principles of IT governance and information security governance from the practical and regulatory perspectives of the ISACA report (De Haes, Joshi, Huygh & Jansen, 2016).
Security Governance Principles
The security governance principles determine how an organization evaluates, directs and manages its information security. There are six basic principles of security governance. The first, the adoption of a risk-based approach, holds that security governance ought to include the allocation of budgets and resources based on the organization's risk appetite (Williams, 2001). The second principle is that the organization should set the direction for investment decisions.
Information security is essential in supporting the objectives of the organization. Security governance must therefore ensure that information security is integrated into the organization's existing processes for operational and capital expenditure (Davidson, 2018). A further principle of security governance is to ensure conformance with both the external and the internal requirements of the organization. External requirements include standards leading to certification, mandatory regulations and legislation, and contractual obligations; internal requirements relate to the broader goals and objectives of the organization (Williams, 2001).
Most fundamentally, the organization must foster a security-positive environment for all its stakeholders. Security governance should always be responsive to stakeholder expectations, recognizing that different stakeholders have diverse values and needs within the organization (Williams, 2001). The organization should also review its performance in terms of business outcomes. From a governance viewpoint, security performance covers both efficiency and effectiveness as well as the overall impact on the business (Davidson, 2018). Governance executives ought to mandate the review and measurement of the security program with the aim of strengthening the link between information security performance and business performance (Johnston & Hale, 2009).
IT Governance Stakeholders
With regard to IT governance, ISACA's COBIT 5 defines a stakeholder as anyone who has a responsibility for, or a particular interest in, the enterprise and who is therefore influenced by, or influences, the activities of the organization (De Haes, Joshi, Huygh & Jansen, 2016). Stakeholders matter because an organization does not operate in a vacuum or in its own microcosm. According to COBIT 5, the stakeholders in IT governance are categorized as either internal or external (Davidson, 2018). Internal stakeholders are those within the enterprise, including the chief financial officer, chief information officer, chief executive officer, chief risk officer, business owners, risk managers, and service and security managers, among other officers of the organization (Johnston & Hale, 2009).
External stakeholders interact with the business from outside; they include shareholders, external users, the government, regulators and standardization bodies, external auditors and suppliers, among others. Meeting the needs of the enterprise's various stakeholders is therefore one of the core principles, and an integral part, of the COBIT goals cascade (Williams, 2001).
IT Governance Justification to Managers
The fundamental importance of IT governance to managers is that it provides focus, cost-effectiveness and efficient communication between the customers and the management of the enterprise (Kauppi & Madsen, 2013). In that light, IT governance offers an essential formula for organizational success by allowing leaders to take an active part in the strategic management of IT and by ensuring that alignment with, and responsiveness to, customer needs are in place (Davidson, 2018).
IT governance also ensures objective decision making and balanced use of resources, which makes the enterprise easier to manage (Johnston & Hale, 2009). Proactive IT governance further supports organizational risk management by providing the basis on which enterprise managers implement their risk mitigation strategies (Williams, 2001).
Role of IT Security Professionals in Terms of Governance
IT security professionals have an essential role to play in IT governance. They must stay up to date with the new tactics of attackers in the information technology field (Parker & Brown, 2018). Their other vital roles include setting and implementing user access controls, monitoring the network and the performance of applications to identify irregular activity, and performing timely and regular audits to verify compliance with security regulations and practices (Parker & Brown, 2018). According to the ISACA report, IT professionals are also responsible for implementing comprehensive vulnerability management across assets both on premises and in the cloud (Johnston & Hale, 2009).
References
De Haes, S., Joshi, A., Huygh, T., & Jansen, S. (2016). How boards realize IT governance transparency: A study into current practice of the COBIT EDM05 process. ISACA Journal.
Johnston, A. C., & Hale, R. (2009). Improved security through information security governance. Communications of the ACM, 52(1), 126-129.
Kauppi, N., & Madsen, M. R. (2013). Transnational power elites: The new professionals of governance, law and security. In Transnational Power Elites (pp. 12-26). Routledge.
Parker, A., & Brown, I. (2018, August). Skills Requirements for Cyber Security Professionals: A Content Analysis of Job Descriptions in South Africa. In International Information Security Conference (pp. 176-192). Springer, Cham.
Williams, P. (2001). Information security governance. Information Security Technical Report, 6(3), 60-70.
Essay Example on Corporate Governance: Key to IT Firm Success in Competitive World. (2023, Apr 23). Retrieved from https://proessays.net/essays/essay-example-on-corporate-governance-key-to-it-firm-success-in-competitive-world