CHAPTER TEN
Governance, IT Security, and Continuity Management
EFFECTIVE IT SECURITY AND CONTINUITY management processes are important elements of overall enterprise IT governance. IT security is a broad term that refers to processes and controls that will protect both IT systems and data, as well as the enterprise’s physical assets, from a wide variety of potential threats. In our Internet-driven world of today, aside from the risk from people worldwide who might be interested in improperly accessing secured systems, IT security is an ever-present and growing concern. An enterprise needs to implement effective IT security processes that will allow it to govern and control its IT assets.
While security processes are important to protect IT assets from unauthorized persons, IT operations also face threats from such risks as fires in a facility, natural disasters, or equipment failures. This is the area of IT risk concerns that was known as IT disaster recovery planning in the early days of IT when mainframe systems were predominant; today it is generally called IT continuity planning. Whether it be hardware or software backup resources, an enterprise should have the resources in place to continue operations in the event of any non-normal interruption in the regular operations schedules.
This chapter discusses why it is important to have IT security and continuity processes in place for effective IT governance. Effective IT security and continuity planning processes are often complex, ...
Get Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.