IT Security and IT Governance Alignment

Abstract

This paper review and align IT Security (ITS) and IT Governance (ITG) that would address ITS strategic and its operational issues. These issues if not addressed accordingly, would lead to a financial aftermath that would put the business at risk and jeopardize the organization's sustainability in both short and long run. There have been studies that show, the lack of technical controls, lack of solid governance and improper oversight at the enterprise stakeholders' level would result to disastrous events. Thus, ITS and ITG has to go hand in hand in order to fortify the security posture of an enterprise. The goal is to roll out an ITS program that would have the best of ITG and ITS best practices. Rather than reinventing the wheel, the affected managers or organizations can adopt and adapt the existing frameworks available easily. There are a few common frameworks available, however there is lack of essential elements especially on ITS management and technical controls. This paper will look into these common ITS frameworks and lists its shortcomings to further understand the need for a better framework. In addition, frameworks that govern ITG will also be studied looking at its advantages and disadvantages. Thus, elements from ITS frameworks will be identified, analyzed and certain aspects extracted as common themes. The analysis shows, the themes depicted are strong management support, fit for purpose context that suits the organization, essential risk management, clearly defined of roles and responsibilities, the importance of training and awareness and the implementation of a quick win strategy. These five themes will be put into ITG practice blocks with respect to the Structure, Process and Relational Mechanisms that spans across People, Process and Technology domains. Finally, the construct named NORLI is proposed to align both ITG and ITS. In the future, NORLI will be tested for its ease of use, effectiveness and efficiency.