ISACA NOW BLOG

IT Governance and the COVID-19 Pandemic

Author: Gabriel Cusu, CGEIT, CISM, CISSP, CCSP, PMP, Security Program Manager
Date Published: 12 August 2020

COVID-19 has left a deep impact on society. It still affects the way we live and the way
we work. Companies changed their delivery models, and many more people are now
working remotely to adhere to new social distancing protocols. No organization was
100% prepared for COVID-19. However, having strong governance at the center of a
company’s IT security program can make a huge difference in adapting to this changing
environment that no one pictured when making their 2020 New Year’s resolutions.

How could companies have been better prepared for this? Very few had this particular
scenario in mind, but many do have a business continuity plan (BCP). This is an
essential part of enterprise governance, and it’s based on solid risk management
principles. In COBIT 2019, the BCP (DSS04) is described as: “Establish and maintain a
plan to enable the business and IT to respond to incidents and disruptions in order to
continue operations of critical business processes and required IT services and
maintain availability of information at a level acceptable to the enterprise.” The purpose
is: “Adapt rapidly, continue business operations and maintain availability of resources
and information at a level acceptable to the enterprise in the event of a significant
disruption (e.g., threats, opportunities, demands).”

This means each company should identify which processes are critical for their
business, how IT supports them and what needs to be done in case something
happens. Different scenarios should be taken into consideration, including measures
that should be taken in case the primary site is not operational or connectivity is lost.
The IT solution should be resilient and support the company’s needs. Resilience is the
ability of a system or network to resist failure or to recover quickly from any disruption,
usually with minimal recognized effect. This is part of a healthy governance framework.

Companies are looking more and more at the cloud as a safe haven for their data. SaaS
(software as a service), PaaS (platform as a service) and IaaS (infrastructure as a
service) can be adapted to suit everyone’s needs, either as a primary or secondary
solution (enhancing the on-premises deployment). Cloud service providers offer
resilience and availability, with the benefits of lowering your CAPEX and cost for highly
skilled IT staff. But this needs to be done within your company’s governance principles
(due care/due diligence), according to the enterprise risk appetite.

Figure 1—Governance of Enterprise IT (GEIT)


What is enterprise governance? Kotter’s definition: “Enterprise governance is a set of
responsibilities and practices exercised by the board of directors and executive
management with the goal of providing strategic direction, ensuring that objectives are
achieved, ascertaining that risks are managed appropriately and verifying that the
enterprise’s resources are used responsibly.”

CGEIT is a terrific governance credential for managers and practitioners who utilize the
learnings to assess and build the right governance systems. CGEIT teaches you that
governance drives the IT security function, and this supports the business. It creates a
mindset for the certification-holder that is embedded in the program he or she is
running, through policy, procedures, standards and guidelines. CGEIT presents the
different principles that form frameworks like COBIT, ITIL, PMBOK, ISO 27xx, COSO,
TOGAF, Zachman, SABSA, Lean Six Sigma, etc., and lets you pick the components that
can be customized to your environment, for the governance program you have, which
needs to be constantly improved and innovated. The frameworks provide you with
essential knowledge of global best practices that can help organizations navigate hard
times, like the ones faced today.

No organization was fully prepared for 2020 and COVID-19, but those with strong
governance at the center of their IT security program are well-positioned to benefit from
their resilience and adaptability.
