9 Key Steps to Enable IT Governance (part 3 of 3)

Every IT organization needs governance in order to work properly. What does “working properly” mean? It is meeting its purpose: creating value by supporting business goals, and moreover in this digital age, enabling business goals. In this series I have been listing the key items required to enable a governance approach in an IT organization and explaining each of them. Here …

9 Key Steps to Enable IT Governance (part 2 of 3)

In this series I have been listing the key items required to enable a governance approach in an IT organization and explaining each of them. In the first part of this blog series we talked about identifying all relevant stakeholders and their needs, defining clear goals and building a policy framework, and setting the right culture and enforcing the desired behavior in …

9 Key Steps to Enable IT Governance (part 1 of 3)

In the previous post we discussed the importance of IT Governance for the success of IT—that is, effectively supporting enterprise objectives through the use of IT, by correctly aligning IT goals with business goals. It is easy to say that IT Governance is the key to a successful IT department, but …

What Makes IT to Be Successful?

Perhaps many IT professionals have asked themselves this question, and indeed there are many answers that may seem correct. But let me provide more context to this question, and I will explain it with an example. ITIL®, the most well-known source of best practices for IT Service Management around the world, has been widely …

The Real Scope of DevOps

Many people believe that DevOps is just meant for Development staff and IT Operations staff. Many with lower levels of curiosity, who have not taken the time to read about it, even think it’s just one more Agile approach to be adopted by software developers. The Evolution of DevOps Since its first conception back in 2009, the term “DevOps” intended …

RESILIA®: The Evolution from Information Security to Cyber Resilience

RESILIA®: The evolution from “Information Security” to “Information Cyber Resilience” For many years, companies have focused a large part of their IT efforts on the protection of their business information. By implementing controls based on security standards such as ISO/IEC 27000 or NIST, they have sought the absolute avoidance of a cyber-attack that could result in a negative impact for …

The Link between the NIST Cybersecurity Framework and COBIT® 5

The Paramount Link between the NIST Cybersecurity Framework and COBIT® 5 As we discussed in the previous post, ISACA developed, through an international partnership of small and large organizations, the CSX program—a special training program based on the NIST Cybersecurity Framework, to develop IT Security Professionals’ cybersecurity capabilities. Organizations that want to implement the NIST Cybersecurity Framework will find the CSX …

ISACA’s CSX: The Newest Cybersecurity Training Program

There is no doubt that the evolution of the Internet and many other emerging technologies will affect business processes, especially in the privacy and security aspects. No organization can just be prepared to face these challenges; they have to be proactive, accept the change and be prepared to adapt and quickly innovate as …

Using DevOps for Improving Cybersecurity

In the current digital era, IT organizations are striving to become more efficient and continually respond to the ever-changing customer, business and market requirements. The responsibility of IT to support – and even manage – business processes is growing, and this fact has changed the way IT organizations work internally, as IT needs to …

NIST Cybersecurity Framework: A Standard Designed for the USA Government, yet Useful for Any Organization

Government agencies are perhaps more vulnerable than companies to cyberattacks; and many times, the information they host is much more confidential and critical in nature than that of other organizations. Hence the need for a specific framework that guides government agencies in the correct protection of the information they hold. What is NIST? The National Institute of Standards and Technology …