Thursday, February 14, 2008

Information technology governance

Problems with IT governance

Nicholas Carr has emerged as a prominent critic of the idea that information technology confers strategic advantage.[5] This line of criticism might imply that significant attention to IT governance is not a worthwhile pursuit for senior corporate leadership. However, Carr also indicates counterbalancing concern for effective IT risk management.

The manifestation of IT governance objectives through detailed process controls (e.g. in the context of project management) is a frequently controversial matter in large-scale IT management. See Agile methods. The difficulties in achieving a balance between financial transparency and cost-effective data capture in IT financial management (i.e., to enable chargeback) are a continual topic of discussion in the professional literature[6], [7] and can be seen as a practical limitation to IT governance.

Relationship to other IT disciplines

IT governance is supported by disciplines such as:

Frameworks

There are quite a few supporting mechanisms developed to guide the implementation of information technology governance. Some of them are:

  • Control Objectives for Information and related Technology (COBIT) is an approach to standardizing good information technology security and control practices. This is done by providing tools to assess and measure the performance of 34 IT processes of an organization. The ITGI (IT Governance Institute) is responsible for COBIT.
  • ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 (BS7799), which was published in the United Kingdom and became a well-known standard in the industry, used to provide guidance to organizations in the practice of information security.
  • The Information Security Management Maturity Model (ISM3) is a process-based ISM maturity model for security.
  • AS8015-2005, the Australian Standard for Corporate Governance of Information and Communication Technology.

Others include:

  • BS7799 - focus on IT security
  • CMM (the Capability Maturity Model) - focus on software engineering

Non-IT specific frameworks of use include:

  • The Balanced Scorecard (BSC) - method to assess an organization’s performance in many different areas.
  • Six Sigma - focus on quality assurance

http://en.wikipedia.org/wiki/Information_technology_governance

2 comments:

Anonymous said...

You skipped ISM3, www.ism3.com... :)

jpbigband said...

Excellent article - you also missed PTA (Practical Threat Analysis).