
GOVERNANCE OF THE INFORMATION SYSTEMS ORGANIZATION

Governance structures define the way decisions are made in an organization. This chapter explores three models of governance based on organization structure (centralized, decentralized and federal), decision rights, and control (i.e., COSO, COBIT, ITIL). Examples and strategies for implementation are discussed.

In April 2011, Sony was hit by one of the biggest data breaches in history when a hack of its PlayStation Network service compromised the personal information of potentially 100 million users. Sony took the online platform, which lets people play games with others and access multimedia content, offline for weeks. To woo back its customers, it offered them a “welcome back package,” which included free games and movies, as well as a $1 million identity theft insurance policy per customer in the event that their personal information was used for illegal purposes. The estimated cost of the breach is a whopping 104 million British pounds, not counting reputational damage. A U.S. Congressional Committee, the U.K. Minister of Culture, and the city of Taipei were among those demanding more information about the breach.

Sony appears to have placed little value on its security prior to the breach. Just two weeks before the breach, it had laid off 205 employees, a substantial percentage of the unit responsible for network security. ...

Get Managing and Using Information System now with the O’Reilly learning platform.
