IT Governance and Information Security Guides Standards and Frameworks 1st Edition by Yassine Maleh, Abdelkebir Sahid, Mamoun Alazab, Mustapha Belaissaoui ISBN 0367753243 9780367753245

Section 1: IT Governance: Definitions and Standards

Section 2: Maturity Frameworks for Information Technology Governance

Section 3: Maturity Frameworks for Information Security Governance

Section 1 IT Governance: Definitions and Standards

1 Information System and IT Governance Evolution

1.1 Introduction

1.1.1 Information System Definition and Objective

1.1.2 Information System Concept

1.1.3 Concepts of Enterprise Application

1.1.4 Features of Enterprise Applications

1.1.5 Autonomy

1.1.6 Distribution

1.1.7 Heterogeneity

1.1.8 Dynamism

1.1.9 EIS and Company Strategy

1.1.10 Enterprise Information Systems Complexity

1.1.11 Complexity Factors

1.1.12 Evolution of EIS’s

1.1.13 IT Governance

1.1.14 Urbanization

1.1.14.1 The Metaphor of the City

1.1.14.2 The Urbanization of Information System

1.1.15 Flexibility

1.1.16 Agility

1.1.16.1 IS Organizational Design

1.1.16.2 Competencies and Skills of IS Professionals

1.1.16.3 IS Development

1.1.16.4 Design of IT Infrastructure

1.2 Summary

2 IT Governance and Information Security: Guides and Standards

2.1 Introduction

2.2 Research Methodology

2.2.1 The Word of the IT Governance Subject

2.2.2 The Word of IT Governance Usage

2.2.3 The Word of the IT Governance System

2.2.4 The Word of IT Governance Development

2.3 IT Governance Standards

2.3.1 COBIT

2.3.2 LIBRARY (ITIL)

2.3.3 Structure of ITIL v4

2.3.4 CMMI

2.3.4.1 Level 1: Initial

2.3.4.2 Level 2: Managed

2.3.4.3 Level 3: Defined

2.3.4.4 Level 4: Quantitatively Managed

2.3.4.5 Level 5: Optimizing

2.3.5 Committee of Sponsoring Organizations of the Treadway Commission (COSO)

2.3.6 PMBOOK

2.3.7 ISO/IEC 27001:2005 (Revised by ISO/IEC 27001:2013)

2.4 ISO/IEC 27002:2005 (Revised by ISO/IEC 27002:2013)

2.5 ISO/IEC 27002:2005 (Revised by ISO/IEC 27002:2021)

2.5.1 NIST

2.5.2 Core Framework

2.5.3 Implementation Tiers

2.5.4 Framework Profile

2.5.5 Comparison and Analysis

2.6 Summary

Section 2 Maturity Frameworks for Information Technology Governance

3 IT Governance in Organizations: A Maturity Framework Based on COBIT 5

3.1 Introduction

3.2 Background and Literature Review

3.3 Theoretical Framework

3.4 Research Methodology

3.5 Exploring IT Governance in MENA Medium and Large Organizations

3.5.1 Data Collection

3.5.2 Data Analysis

3.6 Results

3.7 Case Study

3.7.1 Data Collection

3.7.2 Data Analysis

3.7.3 Assessing Capability Maturity

3.7.4 Capability Level Analysis

3.7.5 Maturity Level Analysis

3.7.6 Goals Cascade

3.7.7 Discussion

3.8 Summary

4 IT Service Management as a Key Pillar for IT Governance: A Maturity Framework Based on ITILv4

4.1 Introduction

4.2 Related Research

4.2.1 Agility in Literature

4.3 The Proposed ITSM/ITAM Framework

4.3.1 IT Service Management (ITSM)

4.3.2 IT Asset Management (ITAM)

4.3.3 IT Security Management

4.3.4 Agility Management

4.3.5 The Proposed Agile ITSM/ITAM Framework

4.4 Use Case

4.4.1 Discover

4.4.2 ITSM Audit Score

4.4.3 ITAM Audit Result

4.4.4 IT Security Audit Result

4.4.5 Do

4.4.5.1 The Practical Framework to Enhance ITSM/ITAM Efficiency

4.4.6 Act

4.4.7 Benefits of the Proposed Agile ITSM/ITAM after Implementation in the Organization

4.5 Summary

5 Cloud Computing as a Key Pillar for Agile IT Governance

5.1 Introduction

5.2 Literature Review

5.3 Theoretical Foundation

5.4 Combining DOI and TOE

5.5 Research Model and Hypotheses

5.6 The Innovation Characteristics

5.7 Technological Readiness

5.8 The Organization Context

5.9 The Environmental Context

5.10 Research Methodology

5.10.1 Quantitative Methodology

5.10.2 Measurement Model

5.11 Data Collection

5.12 Results

5.13 Finding

5.14 Organizational Context

5.15 Environmental Context

5.16 Discussion and Interpretations

5.17 The Proposed Cloud Governance Framework

5.18 Policies and Principles

5.19 Organization

5.20 Financials

5.21 Process

5.22 Summary

Section 3 Maturity Frameworks for Information Security Governance

6 Information Security Governance: Best Practices in Organizations

6.1 Introduction

6.2 Literature Review and Background

6.3 Research Methodology

6.3.1 Data Collection

6.3.2 Demography Characteristics

6.3.3 Measurement Survey Model

6.4 Survey Results

6.4.1 IT Security Governance Knowledge

6.4.2 Conditions for Implementing Information Security Governance

6.4.3 Strategic Issues in Information Security Governance

6.4.4 IT Security Governance Strategy and Metrics

6.4.5 IT Service and Asset Security Management

6.4.6 Vulnerability and Risk Management

6.4.7 Information Security Compliance, Control, and Verification

6.4.8 Organizational Maturity of Information Security Governance

6.5 Discussion and Interpretation

6.6 Summary

Appendix 1

Appendix 2

7 Information Security Governance: A Maturity Framework Based on ISO/IEC 27001

7.1 Introduction

7.2 Theoretical Framework

7.2.1 Framework Overview

7.2.2 Framework Core

7.2.3 Framework Maturity Profile

7.3 Use Case

7.3.1 Data Collection

7.3.2 Data Analysis

7.3.3 Conducting Assessments

7.3.4 Assessing Capability Maturity

7.3.5 Developing Improvement Action Plans

7.4 Summary

Appendix 1

Appendix 2

8 Information Security Policy: A Maturity Framework Based on ISO/IEC 27002

8.1 Introduction

8.1.1 Problem Statement

8.1.2 Research Question/Approach

8.1.3 Purpose

8.2 Background

8.2.1 The ISO/IEC 2700x Family

8.2.1.1 ISO/IEC 27001

8.2.1.2 ISO/IEC 27002:2005 (Revised by ISO/IEC 27002:2013)

8.2.1.3 ISO/IEC 27002:2005

8.2.1.4 ISO/IEC 27002:2005

8.2.1.5 Other ISO 27000 Standards

8.3 Research Methodology

8.3.1 Data Collection

8.3.2 Data Analysis

8.3.3 Results and Discussion

8.4 Case Study

8.4.1 ISSP Global Plan

8.4.2 Preamble

8.4.3 Context

8.4.4 Perimeter

8.4.5 ISSP Issues in the PUBLIC_ORG

8.4.6 Security Requirements

8.4.7 Security Clauses

8.4.7.1 Organization of Information Security

8.4.7.2 Information System Security Policy

8.4.7.3 Asset Management

8.4.7.4 Human Resources Security

8.4.7.5 Physical and Environmental Safety

8.4.7.6 Operations Management

8.4.7.7 Access Controls

8.4.7.8 Cryptography

8.4.7.9 System Acquisition, Development, and Maintenance of Information Security

8.4.7.10 Supplier Relationships

8.4.7.11 Compliance

8.5 Summary

Appendix 1

Conclusion

References

Acronyms

Index