IT governance seems to be one of the best strategies to optimize IT assets in an economic context dominated by information, innovation, and the race for performance. The multiplication of internal and external data and increased digital management, collaboration, and sharing platforms exposes organizations to ever-growing risks. Understanding the threats, assessing the risks, adapting the organization, selecting and implementing the appropriate controls, and implementing a management system are the activities required to establish proactive security governance that will provide management and customers the assurance of an effective mechanism to manage risks.
IT Governance and Information Security: Guides, Standards, and Frameworks is a fundamental resource to discover IT governance and information security. This book focuses on the guides, standards, and maturity frameworks for adopting an efficient IT governance and information security strategy in the organization. It describes numerous case studies from an international perspective and brings together industry standards and research from scientific databases. In this way, this book clearly illustrates the issues, problems, and trends related to the topic while promoting the international perspectives of readers.
This book offers comprehensive coverage of the essential topics, including:
- IT governance guides and practices;
- IT service management as a key pillar for IT governance;
- Cloud computing as a key pillar for Agile IT governance;
- Information security governance and maturity frameworks.
In this new book, the authors share their experience to help you navigate today’s dangerous information security terrain and take proactive steps to measure your company’s IT governance and information security maturity and prepare your organization to survive, thrive, and keep your data safe. It aspires to provide a relevant reference for executive managers, CISOs, cybersecurity professionals, engineers, and researchers interested in exploring and implementing efficient IT governance and information security strategies.
Table of Contents
IT Governance: Definitions and Standards
Information System and IT Governance Evolution
IT Governance and Information Security: Guides and Standards
Maturity Frameworks for Information Technology Governance
IT Governance IT Governance in Organizations: A Maturity Framework based on COBIT 5
IT Service Management as a key pillar for IT Governance: A Maturity Framework based on ITILv4
Cloud Computing as a key pillar for Agile IT Governance
Maturity Frameworks for Information Security Governance
Information Security Governance: Best practices in organizations
Information Security Governance: A maturity framework based on ISO/IEC 27001
Information Security Policy: A Maturity Framework based on ISO/IEC 27002
Compilation of References
About the Authors
Yassine Maleh (http://orcid.org/0000-0003-4704-5364) is a PhD of the University Hassan 1st in Morocco in the field of Internet of Things Security and privacy, since 2013. He is Senior Member of IEEE, Member of the International Association of Engineers IAENG and The Machine Intelligence Research Labs. Dr Maleh has made contributions in the fields of information security and privacy, Internet of Things Security, Wireless and Constrained Networks Security. His research interests include Information Security and Privacy, Internet of Things, Networks Security, Information system and IT Governance. He has published over than 70 papers (Book chapters, international journals and conferences/workshops), and 8 edited books and 3 authored books. He is the editor in chief of the International Journal of Smart Security Technologies (IJSST). He serves as an Associate Editor for IEEE Access (2019 Impact Factor 4.098), the International Journal of Digital Crime and Forensics (IJDCF) and the International Journal of Information Security and Privacy (IJISP). He was also a Guest Editor of a special issue on Recent Advances on Cyber Security and Privacy for Cloud-of-Things of the International Journal of Digital Crime and Forensics (IJDCF), Volume 10, Issue 3, July-September 2019. He has served and continues to serve on executive and technical program committees and as a reviewer of numerous international conference and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and Springer Cluster Computing. He was the Publicity chair of BCCA 2019 and the General Chair of the MLBDACP 19 symposium and ICI2C’21 conference. He received Publon Top 1% reviewer award for the years 2018 and 2019
Mamoun Alazab (https://orcid.org/0000-0002-1928-3704) is the Associate Professor in the College of Engineering, IT and Environment at Charles Darwin University, Australia. He received his Ph.D. degree is in Computer Science from the Federation University of Australia, School of Science, Information Technology and Engineering. He is a cyber security researcher and practitioner with industry and academic experience. Dr Alazab’s research is multidisciplinary that focuses on cyber security and digital forensics of computer systems including current and emerging issues in the cyber environment like cyber-physical systems and the internet of things, by taking into consideration the unique challenges present in these environments, with a focus on cybercrime detection and prevention. He looks into the intersection use of machine learning as an essential tool for cybersecurity, for example, for detecting attacks, analyzing malicious code or uncovering vulnerabilities in software. He has more than 100 research papers. He is the recipient of short fellowship from Japan Society for the Promotion of Science (JSPS) based on his nomination from the Australian Academy of Science. He delivered many invited and keynote speeches, 27 events in 2019 alone. He convened and chaired more than 50 conferences and workshops. He is the founding chair of the IEEE Northern Territory Subsection: (Feb 2019 – current). He is a Senior Member of the IEEE, Cybersecurity Academic Ambassador for Oman's Information Technology Authority (ITA), Member of the IEEE Computer Society's Technical Committee on Security and Privacy (TCSP) and has worked closely with government and industry on many projects, including IBM, Trend Micro, the Australian Federal Police (AFP), the Australian Communications and Media Authority (ACMA), Westpac, UNODC, and the Attorney General’s Department.
Sahid Abdelkbir is from Morocco. He is a PhD Student at the University Hassan 1st in Settat Morocco, since 2014. He received his Master degree (2012) in Computer Sciences from the Faculty of Science and Technology Settat, Morocco, and his Bachelor in Networks and IT Systems (2009) from Hassan 1st University Morocco. His research interests include Information Systems, IT Service Management, IT Security and IT Agility. He is the author of the book “Strategic Information System Agility: From Theory to Practices”, by Emerald.
Mustapha Belaissaoui is a Professor of Computer Science at Hassan 1st Univesity, Settat, Morocco, President of the Moroccan Association of Free Software (AMP2L), and Head of Master Management Information System and Communication. He obtained his PhD in Artificial Intelligenc from Mohammed V University in Rabat. His research interests are Combinatorial Optimization, Artificial Intelligence and Information Systems. He is the author and co-author of more than 70 papers including journals, conferences, chapters, and books, which appeared in refereed specialized journals and symposia.