Author: Gabriel Cusu, CGEIT, CISM, CISSP, CCSP, PMP, Security Program Manager
Date Published: 12 August 2020

COVID-19 has left a deep impact on society. It still affects the way we live and the way
we work. Companies changed their delivery models, and many more people are now
working remotely to adhere to new social distancing protocols. No organization was
100% prepared for COVID-19. However, having strong governance at the center of a
company’s IT security program can make a huge difference in adapting to this changing
environment that no one pictured when making their 2020 New Year’s resolutions.

How could companies have been better prepared for this? Very few had this particular
scenario in mind, but many do have a business continuity plan (BCP). This is an
essential part of enterprise governance, and it’s based on solid risk management
principles. In COBIT 2019, the BCP (DSS04) is described as: “Establish and maintain a
plan to enable the business and IT to respond to incidents and disruptions in order to
continue operations of critical business processes and required IT services and
maintain availability of information at a level acceptable to the enterprise.” The purpose
is: “Adapt rapidly, continue business operations and maintain availability of resources
and information at a level acceptable to the enterprise in the event of a significant
disruption (e.g., threats, opportunities, demands).”

This means each company should identify which processes are critical for its
business, how IT supports them and what needs to be done in case something
happens. Different scenarios should be taken into consideration, including measures
that should be taken in case the primary site is not operational or connectivity is lost.
The IT solution should be resilient and support the company’s needs. Resilience is the
ability of a system or network to resist failure or to recover quickly from any disruption,
usually with minimal recognized effect. This is part of a healthy governance framework.

Companies are looking more and more at the cloud as a safe haven for their data. SaaS
(software as a service), PaaS (platform as a service) and IaaS (infrastructure as a
service) can be adapted to suit everyone’s needs, either as a primary or secondary
solution (enhancing the on-premises deployment). Cloud service providers offer
resilience and availability, with the benefits of lowering your CAPEX and cost for highly
skilled IT staff. But this needs to be done within your company’s governance principles
(due care/due diligence), according to the enterprise risk appetite.

CGEIT is a terrific governance credential for managers and practitioners who utilize the
learnings to assess and build the right governance systems. CGEIT teaches you that
governance drives the IT security function, and this supports the business. It creates a
mindset for the certification-holder that is embedded in the program he or she is
running, through policy, procedures, standards and guidelines. CGEIT presents the
different principles that form frameworks like COBIT, ITIL, PMBOK, ISO 27xx, COSO,
TOGAF, Zachman, SABSA, Lean Six Sigma, etc., and lets you pick the components that
can be customized to your environment, for the governance program you have, which
needs to be constantly improved and innovated. The frameworks provide you with
essential knowledge of global best practices that can help organizations navigate hard
times, like the ones faced today.

No organization was fully prepared for 2020 and COVID-19, but those with strong
governance at the center of their IT security program are well-positioned to benefit from
their resilience and adaptability.