IT Governance and the COVID-19 Pandemic

Author: Gabriel Cusu, CISM, CGEIT, CCSP, CISSP, PMP
Date Published: August 12

COVID-19 has left a deep impact on society. It still affects the way we live and the way we work. Companies have changed their delivery models, and many more people are now working remotely to adhere to new social distancing protocols. No organization was 100% prepared for COVID-19. However, having strong governance at the center of a company’s IT security program can make a huge difference in adapting to this changing environment that no one pictured when making their 2020 New Year’s resolutions.

How could companies have been better prepared for this? Very few had this particular scenario in mind, but many do have a business continuity plan (BCP). This is an essential part of enterprise governance, and it’s based on solid risk management principles. In COBIT 2019, the BCP (DSS04) is described as: “Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue operations of critical business processes and required IT services and maintain availability of information at a level acceptable to the enterprise.” Its purpose is: “Adapt rapidly, continue business operations and maintain availability of resources and information at a level acceptable to the enterprise in the event of a significant disruption (e.g., threats, opportunities, demands).”

This means each company should identify which processes are critical for their business, how IT supports them and what needs to be done in case something happens. Different scenarios should be taken into consideration, including measures that should be taken in case the primary site is not operational or connectivity is lost. The IT solution should be resilient and support the company’s needs. Resilience is the ability of a system or network to resist failure or to recover quickly from any disruption, usually with minimal effect. This is part of a healthy governance framework.

Companies are looking more and more at the cloud as a safe haven for their data. SaaS (software as a service), PaaS (platform as a service) and IaaS (infrastructure as a service) can be adapted to suit everyone’s needs, either as a primary or secondary solution (enhancing the on-premise deployment). Cloud service providers offer resilience and availability, with the benefits of lowering your CAPEX and cost for highly skilled IT staff. But this needs to be done within your company’s governance principles (due care/due diligence), according to the enterprise risk appetite.

Figure 1—Governance of Enterprise IT (GEIT)

What is enterprise governance? Kotter’s definition: “Enterprise governance is a set of responsibilities and practices exercised by the board of directors and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.”

CGEIT is a terrific governance credential for managers and practitioners who utilize the learnings to assess and build the right governance systems. CGEIT teaches you that governance drives the IT security function, and this supports the business. It creates a mindset for the certification-holder that is embedded in the program he or she is running, through policies, procedures, standards and guidelines. CGEIT presents the different principles that form frameworks like COBIT, ITIL, PMBOK, ISO 27 xx, COSO, TOGAF, Zachman, SABSA, Lean Six Sigma, etc., and lets you pick the components that can be customized to your environment, for your governance program, which needs to be constantly improved and innovated. The frameworks provide you with essential knowledge of global best practices that can help organizations navigate hard times, like the ones we are facing today.

No organization was fully prepared for 2020 and COVID-19, but those with strong governance at the center of their IT security program are well-positioned to benefit from their resilience and adaptability.