Home > Articles

  • Print
  • + Share This
This chapter is from the book

Chapter Summary

In this chapter, you learned about IT governance. Governance starts with senior management and extends down though the organization. Good governance requires that the goals of an organization's information systems (IS) department map to the goals of the company. Technology's role is to support the company and help it reach its goals. This requires strategy. Mapping the strategy of the company to the technology needs of the organization is the role of the steering committee.

Other requirements are policies, procedures, and standards. These documents not only provide a high-level view of the mission and direction of the company, but they also guide employees in their day-to-day activities. Auditors also play a role in governance. Auditors are tasked with reviewing the documents, standards, and policies that an organization has, to determine how closely they map to employee activities. Auditors might note missing documentation, obsolete documentation, or documentation that is not being followed. Auditors might also review job roles and responsibilities to understand the risks that an individual might pose to the company.

Key Terms

  • Annualized loss expectancy
  • Balanced score card
  • Bottom-up policy development
  • Capability maturity model
  • CobiT
  • Enterprise architecture
  • Guideline
  • Key verification
  • Outsourcing
  • Policy
  • Procedure
  • Qualitative risk assessment
  • Quantitative risk assessment
  • Required vacation
  • Right-to-audit
  • Risk analysis
  • Rotation of assignment
  • Security policy
  • Standard
  • Termination procedure
  • Top-down policy development
  • Vulnerability
  • + Share This
  • 🔖 Save To Your Account