IT Governance, Security, Risk Assessment

CIO

CIO is a job title given to the person in charge of information system department in an organization or government agency. The CIO oversees the acquisition, management, implementation, usage of information and information technologies. CIO is involved in analyzing and reworking existing business processes, with identifying and exploring the organization knowledge resources. CIO insure that the IS investment are continually at lined with the IT strategies, business goal and IT infrastructures that maintain the future information processing of the organization.

CIO's role

Information has to be managed similar to other important resources such as finance, material and human. Describing the CIO role has been an ongoing pursuit for researchers and practitioner, since the CIO job is characterized with brevity, variety, and fragmentation of tasks. Below is roles CIO play in an organization.

IT customer relationship: CIO and his team ability to manage good communication and interaction between IT providers and its customer is crucial to the success of both the organization and IT industry at large.

Risk management: CIO provides the platform to manage risks, enabling the organization to respond to internal and external opportunities, disruption, business demands or threat.

IT business management; in this prospect the CIO add value by

Integrate business and technology to impact innovative change.

Actively communicating with the business value of IT investment

Delivering integrated business strategy that leverage technology, managing both money spent and gained from the IT portfolio.

The position of corporate CIO continues to be one of the most politically dangerous and operationally difficult executive positions. Rapidly changing job responsibilities, dynamic organizational information requirements, and technology shifts have made the position of CIO too much to handle for one individual. High turnover rates at the CIO position attest to the severe pressure that is now being placed on individuals at the top IS spot within the firm. Failure by organizations to both acknowledge the problems being faced by CIOs and to take steps to resolve those problems will keep the "revolving door" syndrome that is now plaguing today's top business corporations "swinging". Although the IS hierarchy is conceptual, the benefits that seem to be derived from the adoption of this organizational approach make further research into this form of IS management a worthwhile proposition.

Training of Information Security and Risk Management

Baskerville and Siponen (2002) recommends collecting a comprehensive list of information security vulnerabilities. The information, which needs to be gathered and regularly updated, includes the ease and frequency of exploitation, ease and speed of recovery from exploitation. Furthermore, Baskerville (1991) suggests that information is to be gathered about all security incidents experienced by the business worldwide. This information will contain what vulnerabilities were exploited and how the response and recovery were handled.

Research conducted by Barnett and Vaicys (2000) found that several work groups kept risk information in their repository after the risks were closed. This information would be an incredible advantage to the organization on future projects. One group also documented lessons learned: When a risk was closed, they captured a record documenting the rationale for closing, successful ...