Managing information security risk using integrated governance risk and compliance.

Authors

Mathew Nicho

Shafaq Khan

M.S.M.K. Rahman

Abstract

This paper aims to demonstrate the building blocks of an IT Governance, Risk and Compliance (IT GRC) model as well as the phased stages of the optimal integration of IT GRC frameworks, standards and models, through a longitudinal study. A qualitative longitudinal single case study methodology, based on multiple open-ended interviews, was conducted over a period of four years (July 2012 to November 2015) in a retail financial institution. Our empirical study contributes to both academic research and practice in IT GRC. First, we identified the various building blocks of the IT GRC domain from vertical as well as horizontal perspectives. Second, we methodologically demonstrated the gradual evolution of IT GRC from a single ITG framework to multiple IT GRC building blocks. The journey thus throws light on the gradual, staged process by which an organization attains maturity in IT GRC. The resultant IT GRC model guides managerial actions towards a better understanding of the positioning of IT GRC building blocks in an organization, through an understanding of the interaction of the vertical and horizontal domains. The results of the paper thus enable practitioners and academics to better understand and evaluate IT GRC implementation for effective governance, reduced risk and ensured compliance in organizations.

Start Date Sep 6, 2017
Publication Date Oct 23, 2017
Publisher Institute of Electrical and Electronics Engineers
Article Number 8079741
Pages 56-66
ISBN 9781538627525
Institution Citation NICHO, M., KHAN, S. and RAHMAN, M.S.M.K. 2017. Managing information security risk using integrated governance risk and compliance. In Proceedings of the 2017 International conference on computer and applications (ICCA 2017), 6-7 September 2017, Dubai, UAE. New York: IEEE [online], article number 8079741, pages 56-66. Available from: https://doi.org/10.1109/COMAPP.2017.8079741
DOI https://doi.org/10.1109/COMAPP.2017.8079741
Keywords IT GRC; IT governance; IT risk management; IT compliance; Risk management; IT GRC model; Integrated IT governance model