Information technology governance: An exploratory study of the impact of organizational information technology security planning

An effective IT governance plan must include a sound security planning methodology. This dissertation presents research based on the maturing IT security governance planning methodologies currently now gaining a wider acceptance with organizations. The study is based on a survey of current methodologies in use within organizations and seeks to determine whether the use of such methodologies is effective for an organization embarked on the creation and execution of a security governance plan. An analysis of the data suggests that this research contributes to the development of an information security governance plan by introducing International Organization for Standardization (ISO 17799), Information Technology Infrastructure Library (ITIL), and Control Objectives for Information and Related Technology (COBIT) methodologies in practice. The results show that many organizations use standardized security governance methodologies and have in place the control structures required to monitor these methodologies. This in turn strongly suggests that such organizations practice these standardized methodologies. Because organizations in the population sample have established steering committees and align their practices to their governance plans, these organizations may be said to follow a standardized security methodology. This topic will continue to evolve as more and more organizations develop and use a combination of security planning methodologies.