A Context Adaptive Framework for IT Governance, Risk, Compliance and Security

  • Conference paper
  • In: Context-Aware Systems and Applications, and Nature of Computation and Communication (ICTCC 2017, ICCASA 2017)

Abstract

The technological solutions offered today evolve at a rapid pace. As this happens, risk management and security practices become more relevant and are now a necessity for most growing organisations. Governance, risk management and compliance (GRC) are established and well-adhered-to functions in a business, each of which has always been important in business management. As individual topics, all three concepts have been fundamental for businesses in managing risk. Over the years, however, the term GRC was developed and applied to describe the integration of these areas, because managing the functions as separate, monolithic silos was no longer feasible for the successful management of business risk. IT GRC, in turn, has been dealt with in isolation from IT security. In this paper we explore IT GRC and security and propose an integrated, context-adaptive framework that addresses the problems of such monolithic approaches.



Author information

Corresponding author: Gabrielle Peko

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Govindji, S., Peko, G., Sundaram, D. (2018). A Context Adaptive Framework for IT Governance, Risk, Compliance and Security. In: Cong Vinh, P., Ha Huy Cuong, N., Vassev, E. (eds) Context-Aware Systems and Applications, and Nature of Computation and Communication. ICTCC 2017, ICCASA 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 217. Springer, Cham. https://doi.org/10.1007/978-3-319-77818-1_2

  • DOI: https://doi.org/10.1007/978-3-319-77818-1_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77817-4

  • Online ISBN: 978-3-319-77818-1

  • eBook Packages: Computer Science (R0)