
Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.


  Scott Wright's Security Views

Book review - IT Governance: Guidelines for Directors

Monday, November 24th 2008 @ 6:00 AM

Originally posted - May 3, 2007

I have been hearing the name Alan Calder from several sources lately. So, I ordered the book above (Here). It’s definitely worth having on the shelf, even if it does have a fairly high “price per page”.

I found the book to be packed with relevant references for everything from standards to market surveys. I marked it up pretty well inside, making notes to myself on how the information could be used. In particular, it spends a lot of time on how to draw the linkage between IT Governance and IT Security; primarily through the fact that Directors are tasked with managing the risk of an organization, which has much in common with the IT risks, especially since most organizations’ “intellectual capital” far outweighs its traditional counterpart based on “book values” of capital.

From Chapter 1: “Risk management at both the strategic and operational levels is a board responsibility, and is impossible without effective IT governance.”

In fact, because IT Governance itself implies that information is being gathered and processed about all aspects of an organization, there must be some protection of the confidentiality, integrity and availability of that information - therefore IT Security is a must for good governance, and the board should be involved… QED.

The bottom line is that it gives a good case for everyone to urge their Boards of Directors to make sure that IT Governance is on the Board’s agenda. After all, capital investment in IT is now over 50% of most companies’ capital budgets, and as an operating cost IT represents over 30% for most companies. Shouldn’t that get some oversight at the Board level?

Among other things I found valuable in the book was the practical approach to putting an IT Governance framework in place. Instead of a critical path plan, it has a set of useful concepts that can be implemented as needed, allowing you to move over time to a more responsible system of managing IT.

As for the low points, the only thing I could call out is the fact that a disproportionately high number of references and examples come from the UK, where Calder is based. However, it still has plenty of relevant information for us in North America, and the UK/European comparisons are certainly not irrelevant to any global organizations. In reality, it just opened my eyes to how much work needs to be done to align standards for governance globally.


Scott Wright

The Streetwise Security Coach


Copyright 2012. Security Perspectives Inc. All Rights Reserved.