Authors: Tanveer A Zia and Zeeshan Ahmad
Information Technology Security Governance (ITSG) provides organizations with a roadmap for protecting Information and Communication Technology (ICT) infrastructure, with goals and objectives for designing security governance processes in alignment with national and international governance frameworks. Organizations in Australia are still at the infancy stage of adopting IT governance processes. Organizations that have adopted these processes underestimate the security processes within the governance framework. Where security processes are designed, their operational-level implementation is often flawed. This paper investigates IT security governance specifically in Australian organizations. The objective is to bring Australian organizations into alignment with international standards and frameworks in terms of the integration of information security, IT audits, risks and control measures. A survey of selected organizations is conducted, and the results presented in this paper identify the maturity level of IT security governance in Australian organizations against the well-known Capability Maturity Model® (CMM).
Keywords: IT security governance, information security, governance standards, risk management, compliance