Chapter 1 - Modernizing Technology Governance (MTG)
Organizations continue to labor over demonstrating their alignment with security, compliance and audit assertions across both information technology environments and compliance régimes. Additionally, the majority of technology governance processes rely predominantly on administrative and operational security controls with ZERO technology enforcement.
Traditional IT governance is designed to track and manage how IT assets (systems, services and hardware) are implemented and used according to agreed-upon written policies, procedures and/or regulatory requirements. These processes usually involve establishing a board made up of both business and IT representatives. The board creates rules and processes that the organization must follow to ensure that policies are being met. This might include understanding business issues such as regulatory requirements or funding for development, establishing best practices, and monitoring that these processes are working effectively. All of this sounds reasonable and should, in theory, work as a way to track responsibility for things like adhering to standards, proper architectural design, security reviews, certification, and monitoring applications from a technical perspective.
The reality is that manual IT governance is not working for the majority of organizations. These processes, procedures and workflows have constrained innovation and time to market for business. Organizational users ...