Understand ISO 38500: the standard for the corporate governance of IT
ISO/IEC38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the Board is appropriately involved in the governance of the organisation's IT. The standard sets out guiding principles for directors on how to ensure the effective, efficient and acceptable use of IT within their company.
This useful pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework.
Business benefits of ISO/IEC 38500 (ISO38500) include:
Manage the organisation's investment in IT responsibly The pocket guide shows how the standard can be used to ensure that your decision making about IT investment remains clear and transparent, and that the associated risks are clearly understood.
Meet compliance requirements ISO/IEC38500 requires directors to verify that their IT systems are in compliance with all applicable regulations. As this pocket guide explains, following the procedures set out in ISO/IEC38500 will help company directors both to achieve and demonstrate compliance.
Improve the performance of the organisation On average, investment in IT represents more than 50 per cent of every organisation's annual capital investment. Both private and public sector organisations need to maintain a high standard of service while at the same time keeping costs low. The pocket guide looks at how following the guidance contained in ISO/IEC38500 can enable directors to retain a grip on costs and obtain better value for money from IT equipment.
Introduce effective project governance This pocket guide describes how ISO/IEC38500 can help company directors to identify problems in an IT project at an early stage. In this way, the standard promotes effective management of the risks associated with major IT projects, enables the board to keep a grip on budgets and militates against project failure.
Implement ISO38500, the international standard for corporate governance of IT
An IT governance framework serves to close the gap between the importance of IT and the understanding of IT. For this reason, you can use an IT governance framework to improve your company's competitive position."
Table of contents
- ITG POCKET GUIDES
- CHAPTER 1: INTRODUCTION
- CHAPTER 2: INFORMATION SECURITY RISK MANAGEMENT
- CHAPTER 3: DEFINITIONS
- CHAPTER 4: ASSET OWNERS
- CHAPTER 5: OVERVIEW OF THE RISK ASSESSMENT PROCESS
- CHAPTER 6: ASSET IDENTIFICATION
- CHAPTER 7: THREATS AND VULNERABILITIES
- CHAPTER 8: ASSET VALUATION
- CHAPTER 9: RISK LEVEL
- CHAPTER 10: RISK TREATMENT AND CONTROL SELECTION
- CHAPTER 11: STATEMENT OF APPLICABILITY AND RISK TREATMENT PLAN
- CHAPTER 12: REVIEWING THE RISK ASSESSMENT
- Title: Risk Assessment for Asset Owners
- Release date: May 2007
- Publisher(s): IT Governance Publishing
- ISBN: 9781849281232
You might also like
The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition
The only official, comprehensive reference guide to the CISSP All new for 2019 and beyond, this …
Developing Cybersecurity Programs and Policies, Third Edition
All the Knowledge You Need to Build Cybersecurity Programs and Policies That Work Clearly presents best …
CISSP All-in-One Exam Guide, Eighth Edition, 8th Edition
A new edition of Shon Harris’ bestselling exam prep guide—fully updated for the new CISSP 2018 …
CISM Certified Information Security Manager All-in-One Exam Guide
This effective study guide provides 100% coverage of every topic on the latest version of the …