IT governance on security management decisions

Abstract

Implementation of any IT best practices should be consistent with an organization’s management style and the way the organization deals with risk management and delivery of IT value. Most of risk management analysts currently agree that probably the biggest risk and concern to top management today is failing to align IT to real business needs, and a failure to deliver, or be seen to be delivering, value to the business. Since IT can have such a dramatic effect on business performance and competitiveness and particularly in security management issues, a failure to manage IT effectively can have a very serious impact on the business as a whole. In this paper, the notion and impact of governance is analyzed in the context of IT security management decisions. In doing so, two case studies are used to identify possible factors that may affect managers in developing successful governance strategies.

Keywords: IT security, risk management, governance, case study, interpretivist approach.