MIS 475 : Chapter 8 : Governance of the information systems organization.
This 3 page Class Notes was uploaded by Winn on Sunday March 13, 2016. The Class Notes belongs to MIS 475 at Marshall University taught by in Spring 2016. Since its upload, it has received 12 views.
Date Created: 03/13/16
Chapter 8 : Governance of the information systems organization.

1) IT Governance
Governance in the context of business enterprises is all about making decisions that define expectations, grant authority or ensure performance.
A traditional perspective of IT governance focuses on how decision rights can be distributed differently to facilitate centralized, decentralized or hybrid modes of decision making.
** Centralized versus decentralized organizational structures.
- Centralized IS organizations bring together all staff, hardware, software, data and processing into a single location.
- Decentralized IS organizations scatter these components in different locations to address local business needs.
- 70.6% of the participating organizations are centralized in terms of IT.
- Federalism is a structuring approach that distributes power, hardware, software, data and personnel between a central IS group and IS in business units.
IT governance is defined as "specifying the decision rights and accountability framework to encourage desirable behavior in using IT".
Good IT governance provides a structure to make good decisions. It can also limit the negative impact of organizational politics in IT-related decisions.
An archetype is a pattern from decision rights allocation.

2) IT governance and security :
a) Information security strategy : based on such IT principles as protecting the confidentiality of customer information, strict compliance with regulations, and maintaining a security baseline that is above the industry benchmark.
b) Information security policies : encourage standardization and integration.
- Policies must reflect the delicate balance between the enhanced information security gained from following them versus productivity losses and user inconvenience.
c) Information security infrastructure : aligning security mechanisms to the IS architecture specifications.
- To achieve consistency in protection, economies of scale, and synergy among the components.
d) Information security education/training/awareness : it is very important to make business users aware of security policies and practices.
e) Information security investments : the "FUD factor" (fear, uncertainty, and doubt) used to be all that was needed to get top management to invest in information security.
- Decision makers are truly empowered when they hold the authority to make decisions that
(1) Are suitable for their positions
(2) Make the best use of their expertise and knowledge
(3) Cater to the needs and specialization of the organizational units to which they belong

3) Decision-making mechanisms :
- Policies are useful for defining the process of making a decision under certain situations.
- A review board, or committee that is formally designated to approve, monitor and review specific topics, can be an effective governance mechanism.
- IT steering committee : an advisory committee of key stakeholders or experts that provides guidance on important IT issues.

4) Governance frameworks for control decisions :
a) Sarbanes-Oxley Act of 2002 : enacted in the United States in 2002 to increase regulatory visibility and accountability of public companies and their financial health.
b) Frameworks for implementing SoX :
- COSO
- COBIT (Control Objectives for Information and Related Technology)
- ITIL (Information Technology Infrastructure Library)