The IT management framework
The assignment has two parts, which are to be written separately.
Some background info on this assignment: this is a role-playing class. Padgett-Beale is a fictional company. These should be written in the persona (character) of an employee working in the assigned company.
You have been invited to attend a meeting of Padgett-Beale’s IT Governance Board. This board operates under authority delegated by the corporate governance board and focuses on ensuring that the company achieves maximum value for each dollar spent on information technology capabilities. This board’s charter gives it responsibility for governance, risk management, and compliance management (GRC) for corporate IT processes, policies, and technologies. Members of the board each serve for a three-year term. Of the 24 members, 8 have just begun their terms.
For this meeting’s program, the chairperson of the IT Governance Board has asked each of the management interns to prepare and deliver a 5-minute informative speech on a relevant topic (see list below). Your speech should be directed towards the newly selected members of this board who have not yet had time to become familiar with all of the board’s responsibilities.
Choose one of the following IT management / IT security management frameworks as the topic of your speech.
- ISO 27001/27002 (ISMS Program Management)
- NIST Cybersecurity Framework
- NIST Security and Privacy Controls (NIST SP 800-53)
- NIST Risk Management Framework (NIST SP 800-37)
- Business Model for Information Security (People, Processes, Policies & Technologies)
Here are some links:
Read the article Extortion by Email and the analysis paper Extortion on the Job (posted in Week 7).
As you read, look for information about how the company managed IT risks related to malware and attacks.
What do you think? Were the company’s policies and enforcement actions consistent with its desires to reduce risk? Why or why not?
Solution Preview
The IT management framework that I would like to discuss with you today is the COBIT system, also referred to as Control Objectives for Information and Related Technologies. In the past decade, the much advancement that has been…