Content of Figures
1 Management Summary
IT Governance as the sum of all policies, the organisational structure and the enterprise process framework must ensure that IT is implemented adequat ...
- IT Compliance and Risk Management must be understood as not an additional burden.
- Embedding IT Compliance and Risk Management into all relevant bu ...
This document suggests a paradigm change by understanding IT Compliance as a central corporate goal, thus enabling new synergies and fostering busines ...
3.1 Building blocks of IT Governance
IT Risk management is often considered to be a part of IT Governance. This discipline looks at threats and risks to information and the systems proces ...
3.2 Regulations and requirements
Many requirements are imposed on organizations based on national or regional legislation but also on the basis of their industry or the type of busine ...
3.3 Best practice frameworks
Identifying the applicable requirements is an important task. Once those have been determined, it is of course of importance to get to an adequate pro ...
4 Business values as the basis for a strategic IT compliance approach
Forward-thinking organisations build their corporate actions on a solid basis by defining corporate goals and pursuing them constantly. Extending typi ...
4.1 Identifying business values beyond mere regulatory compliance
An essential, strategic challenge for every organisation is the definition of adequate corporate goals. These goals ideally determine the bottom line ...
The important step that should be taken up-front is to understand that a change in focus is required. Taking additional or modified enterprise objecti ...
4.2 Building on a mature GRC program
Companies in the financial services sector were among the first that had to get used to various national, international and sector-specific standards ...
4.3 Understanding external and legal requirements as success factors
Being compliant to legal requirements has typically not been considered as a main objective for organisations. But once it is understood that the fail ...
An adequate definition of corporate objectives between traditional market oriented goals and secondary goals as described above needs to be accepted a ...
4.4 Changes in business models and IT
Many factors influence the changes that can be currently seen and that will have an impact on the way we do business today and even more tomorrow. Now ...
4.5 From external requirements and corporate objectives to a policy framework
An essential part for defining the necessary requirements is the set of external laws and regulations to be met. Understanding which legal and regulat ...
The high level of abstraction for these documents implies that not all internal or external requirements need to be codified within corporate policies ...
5 IT Compliance and IT Security by design
With the increasing number of legal requirements as well as the growth of individual requirements, many organisations must identify the right contr ...
5.1 Determining and documenting business benefits
Embedding the demands resulting from IT Compliance into robust and secure IT processes and technologies is both a challenge and an opportunity for man ...
The following two sections illustrate potential benefits as examples for the advantages that can be gained from the suggested approach.
5.2 Potential benefits for breach and incident management
Breach and incident management systems are designed to achieve a controlled and proactive approach to handling security threats and incidents. They im ...
5.3 Potential benefit for infrastructure management and sustainability
A strong level of control over corporate IT systems, no matter whether they are in the cloud, on premises, or a hybrid, helps in achieving a much bett ...
Maintain policy ...