Disclaimer: This is an example of a student written essay.
Click here for sample essays written by our professional writers.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

Information Security and IT Governance Planning

Paper Type: Free Essay Subject: Information Technology
Wordcount: 1269 words Published: 18th May 2020

Reference this

    IT Governance Planning

IT Governance is essentially a component used by the higher management to govern and direct information technology. It is a part of the corporate governance.

The processes, practices and scope of IT Governance today varies by organization and is framed around factors like industry, internal politics and capability. (Spacey, 2015)

IT governance is about taking decisions structured around the past trends in a repeatable manner to support IT assets to accomplish the organization’s goals. One of the major goals of a company is to ensure that the IT assets generate the best business value and alleviate risks efficiently. Research has found that “top performing enterprises succeed in obtaining value from IT where others fail, in part, by implementing effective IT governance to support their strategies and institutionalize good practices” among the private sector organizations. (Mitre Corporation, 2018)

Among the many governance practices like Asset Management, Audits (Financial, Technology, and Finance), Capability management, Compliance, IT Operations, Information Governance, et all, being on the Info-Sec team as the manager during one of my projects, safeguarding the company’s data was of utmost importance. (Spacey, 2015)

So, I’d like to discuss in depth on Information Security as a governance plan. Safeguarding data from threats and misuse is one of the many roles that the Information Security team plays. In most cases, information security cumulates much attention from both the Corporate and IT Governance. Cybersecurity is a major concern for most of the corporates in this rapidly changing technological world. Utmost care must be taken as to mitigate any data breach that could potentially have adverse effects on the organization and the employees. This could result in loss of market share to the competitors and lose the present and future customers and investors alike. It could also mean disastrous financial effects to the organization which could include ransom, government penalties, compliance penalties, and possibly the organization going bankrupt.

Information security is the practice of protecting information and data from unauthorized access, disclosure, interruption, alteration or destruction and leads to the economic confidence to the stakeholders and the organization. The following are common information security governance considerations to name a few.

  1. Encryption
  2. Authentication
  3. Authorization
  4. Vulnerability Management (Spacey, Information Security Terms, 2015)


Encrypting is the process of modifying data into ciphertext that can be understood only with a “key.” It is dependent on the strength and complexity of the algorithms and keys. Implemented correctly, it is challenging or improbable to break. Encryption is an essential chunk of information security that empowers privacy, secure communication and transactions.

Strong passwords, Symmetric encryptions, Hashcode, Plaintext, Cryptography, Cleartext are a few encryption techniques. (Spacey, 10+ Encryption Techniques, 2016)


Authentication is corroborating the identity of a person or a digital entity. It is the basic factor in information security that certifies that the entities are who or what they declare to be. It is prevalent to authenticate to use physical characteristics such as fingerprints.

Multi-factor Authorizations, Digital Identity, Authentication codes, Smart cards are a few techniques for authorizing physical as well as digital presence. (Spacey, 10+ Authentication Techniques, 2016)


Authorization is the process to control permissions which includes permission to perform actions, access systems, create, view, change or delete, or transmit information, perform a transaction or a function, run software and access physical locations. Authorization is a crucial aspect of both the physical and information security of organizations.

Privacy, Tokenization, Digital Identity, Least Privileges are a few Authorization considerations. (Spacey, 5+ Types of Authorization, 2017)

Vulnerability Management:

Needing a management oversight, the vulnerability management (VM) is a continuous information security risk undertaking. There are four high-level procedures that envelope VM- Discover, Report, Prioritize and Respond. In a good VM framework, each process needs to be part of a continued cycle focused on enhancing security and mitigate network asset risks. VM programs are the basis of an extensive information security program. They are a must in most organizations today as Info-Sec compliance, Audit and Risk management frameworks demand organizations to maintain a VM program.

Managing vulnerabilities with discovery and rediscovery, Reporting vulnerabilities, Risk Response, Penetration Testing are a few VM methods. (Bisson, 2018)


  1. John, Spacey. (2017, November 14). 18 Examples of Cybersecurity. Simplicable. 
    Retrieved from: https://simplicable.com/new/cybersecurity
  2. (Mitre Corporation, 2018) 


  1. (Spacey, 27 Types of IT Governance, 2015). Simplicable. 
    Retrieved from: https://simplicable.com/new/information-technology-governance
  2. (Spacey, Information Security Terms, 2015). Simplicable. 
    Retrieved from: https://simplicable.com/new/information-security
  3. (Spacey, 10+ Encryption Techniques, 2016). Simplicable. 
    Retrieved from: https://simplicable.com/new/encryption
  4. (Spacey, 10+ Authentication Techniques, 2016). Simplicable. 
    Retrieved from: https://simplicable.com/new/authentication
  5. (Spacey, 5+ Types of Authorization, 2017). Simplicable. 
    Retrieved from: https://simplicable.com/new/authorization
  6. (Bisson, 2018) 

Retrieved from: https://www.tripwire.com/state-of-security/vulnerability-management/what-is-vulnerability-management-anyway/


Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: