An investigation of a COBIT systems security IT governance initiative in higher education.

摘要

The problem investigated, in this study, was the difficulty in implementing COBIT's Systems Security, an Information Technology governance program, at South Louisiana Community College (SLCC). The goal of the researcher was to examine the managerial aspects of introducing COBIT's fifth Delivery and Support process (DS5), successes, and the needs of a medium sized institution of higher education. The DS5 process pertains to ensuring network security. The researcher used COBIT's critical success factors, key goal indicators, key performance indicators, maturity models, audit guidelines, and diagnostic tools. In order for the researcher to develop an overall security plan that covered the building of awareness, established clear policies and standards, identified a cost-effective and sustainable implementation, and defined monitoring and enforcement processes, potential risk was balanced with the investment in resources. The plan was also made to align with the needs of all functional areas and the willingness of each functional area to tolerate the constraints the plan introduced. Prior research and theoretical literature has contributed much to the study of IT governance programs and much had been learned. The available literature surrounds six topics pertaining to IT governance including IT management, auditing, alignment, network security, IT governance, and COBIT. An exploratory case-study design was used by the researcher to answer the research questions. The general analytical strategy that was used by the researcher to answer the research questions was the development of a descriptive framework for organizing the case-study. Despite the myriad of literature on COBIT, there existed very little rigorous research. The researcher addressed this shortage and introduced the unexplored challenges of medium sized institutions of higher learning. The researcher also provided guidance to practitioners for implementing IT governance programs to medium sized institutions of higher education.; The researcher presented conclusions from the data collected to answer the research questions. The COBIT DS5 CSFs matched the environment at SLCC with a few exceptions. The four main exceptions were listed. SLCC has accepted most of the CSFs with modifications. Seventeen positive and negative management issues surfaced during the study. The nine positive issues either enhanced the support of the CSF or facilitated enhancements to the original plan. Eight negative issues prompted change. The leadership at SLCC was willing to commit to the program, but many were not sure how they could help. Ten methods for demonstrating support were listed. SLCC used six strategies to ensure compliance. Twenty-three management needs emerged at SLCC. A list was provided that summarized these needs, quantified how often they surfaced, and explained each of them. Eight leadership needs with the potential to hinder the COBIT initiative were also listed. In addition, 16 changes during the COBIT DS5 initiative were documented. Several conclusions, practitioner implications, academic implications, and suggestions for future research were presented.