IT Governance and Network Security
Importance of IT Governance
Prosperous organisations within today’s economic climate understand the benefits that IT offers and utilise this knowledge to continually push their shareholder value upwards. They are fully aware of the increasingly critical dependence of business processes on IT, as well as the significance of compliance issues in line with growing regulatory demands, e.g. SOX, SAS 70, FSA regulations etc.
The implementation of IT governance uses specific methodologies as a platform for enhancing control, capability and performance. With a large number of platforms, as well as an ever-increasing number of operational and technological alternatives, organisations now have an immense amount of choice in relation to the extent of their security activities within each processing environment. The nature of IT Governance programmes therefore varies enormously between organisations, and GA Global’s consultants have a vast amount of cross-sector and programme experience.
Examples of the different governance programmes GA Global have been involved in include:
- Development of an IT governance framework from scratch
- Increasing process capability in order to sustain the business
- Effective control design in order to combat inherent IT process risks
- Implementation of process governance
- Assessment of current process capability
- Demonstrating value from investments in IT
- Unification of IT requirements in line with business goals
- Budget optimisation
- Improving IT risk management capability

Network Security
Network security involves people, processes and technology, all three of which must combine, offering assurance that an organisation’s internal and external networks are protected from unauthorised access and release of secure and sensitive information.
Our consultants offer experience in evaluating organisational networks, taking a wide range of risks and potential threats into consideration. Availability, reliability, recoverability, robustness and sufficient capacity capabilities are all areas that are vigorously assessed. The IT knowledge base of the organisation is a further significant factor, alongside the testing of firewalls, servers, routers, wireless devices and PCs. In addition, it is vital that the security of all sites and facilities is assessed. Constructive reports listing risks and the extent of their importance in relation to potential cost and ease of implementation are compiled, providing Senior Management with the tools they require in order to make business-critical decisions in relation to compliance issues aside from SOX, such as SAS 70.

ISO 17799 and ISO 27001
ISO 17799 is now seen as the standard for information security and its influence has continually increased in recent years, developing in terms of scope and supporting documentation. It is a code of practice detailing over 130 specific controls, which are categorised into control objectives, listed throughout chapters.
ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for BS7799-2. It differs from ISO 17799 in that it is not a code of practice but a specification for an Information Security Management System, intended to provide the foundation for third-party audit. This standard implements principles which govern security of information and network systems.

Methodology
The methodologies utilised by our consultants, predominantly CobiT, help to emphasise regulatory compliance, aiding organisations in improving the value gained from IT, enabling alignment and simplifying implementation of a governance framework. Owing to the diverse client base within which GA Global’s consultants have operated, we can offer complete flexibility over expertise with specific methodologies, as well as consultants who specialise in picking up “in house” methodologies quickly and efficiently.

Contact Us
If you would like more information about how our Compliance Division can help out with your IT Governance issues, please contact:
Compliance Division
+44 (0) 8453 313 485 +44 (0) 8452 808 822 compliance@gaglobal.eu
