
19 hours ago

Rahul Reddy Kallu 

Discussion 6


IT governance and data governance are subsets of Information Governance (IG), which defines a set of policies and procedures that concentrate on how to effectively manage information. These policies include managing structured data (records) and unstructured data (e-mails, e-documents). IT governance policies are aimed towards protecting sensitive data such as Protected Health Information (PHI), ensuring the privacy of Personally Identifiable Information (PII), legal and regulatory compliance, records retention and information disposal. According to the IT Governance Institute, “IT governance is the responsibility of executives and the board of directors, and consists of leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives”. Governance implies establishing policies and implementing structure around how agencies align their IT strategy with their business strategy, to ensure that they stay on track to achieve their strategic goals, and implementing effective ways to measure the agencies’ IT performance (Gunawardena & Ramesh, 2014).

IT governance brings value to the organization, and its effective value creation from IT investments has long been recognized, which is cited as the reason for achieving excellence in the management of IT (Gunawardena & Ramesh, 2014). The policies developed through IT governance are implemented on investments, projects and resources in an effort to reduce redundancy across the organization, review opportunities and improve cost savings (Gunawardena & Ramesh, 2014). Governance allows organizations to be active in the strategic management of IT and to make sure the basic elements are in place (Gunawardena & Ramesh, 2014). These basic elements include alignment and responsiveness, objective decision making, resource balancing, organizational risk management, execution and enforcement, and accountability (Gunawardena & Ramesh, 2014). IT governance cannot exist as an individual process; it is a process by which decisions are made around enterprise IT investments and projects. IT governance enables leadership to make better strategic decisions and to proactively manage and evaluate future investments as a group (Gunawardena & Ramesh, 2014).

The ISO standard for network security was first published in 2009 as ISO/IEC 27033-1, which is a revision of ISO 18028-1:2006 (The ISO 27000 Directory, n.d.). ISO/IEC 27033 is a multi-part standard derived from the existing five-part ISO/IEC 18028 (SecAware Policies, n.d.). “The purpose of ISO/IEC 27033 is to provide detailed guidance on the security aspects of the management, operation and use of information system networks, and their inter-connections. Those individuals within an organization that are responsible for information security in general, and network security in particular, should be able to adapt the material in this standard to meet their specific requirements.” (SecAware Policies, n.d.). Part 1, ISO/IEC 27033-1, offers guidance on identifying and analyzing network security risks, offers a definition of network security, provides an overview of the security controls that support network technical security architectures, and covers the implementation and operation of network security controls and ongoing monitoring (The ISO 27000 Directory, n.d.). Part 2, ISO/IEC 27033-2, provides guidelines for the design and implementation of network security, which covers risks, design, technique and control issues and serves as a foundation for detailed recommendations on end-to-end network security (SecAware Policies, n.d.). Part 3, ISO/IEC 27033-3, discusses threats specifically, rather than all the elements of risk (SecAware Policies, n.d.). Part 4, ISO/IEC 27033-4, discusses securing communications between networks using security gateways, and outlines how security gateways analyze and control networks through packet filtering, stateful packet inspection, application proxies, application firewalls, network address translation, and content analysis and filtering (SecAware Policies, n.d.). Part 5, ISO/IEC 27033-5, discusses securing communications across networks using virtual private networks (VPNs), and Part 6, ISO/IEC 27033-6, discusses securing wireless IP network access (SecAware Policies, n.d.).

References

Gunawardena, L., & Ramesh, L. (2014, Aug 15). Understanding IT Governance and Why It Often Fails. Retrieved from Architecture & Governance: https://www.architectureandgovernance.com/it-governance/understanding-governance-often-fails/

SecAware Policies. (n.d.). ISO/IEC 27033. Retrieved from SecAware Policies: https://www.iso27001security.com/html/27033.html

The ISO 27000 Directory. (n.d.). Introduction To ISO 27033 (ISO27033). Retrieved from The ISO 27000 Directory: https://www.27000.org/iso-27033.htm
