Impact of IT governance frameworks on information security in organizations
Main Article Content
Abstract
Protecting the company’s assets is an essential task for any organization; planning, controls and a whole deployment of activities to safeguard the company’s information is a function that every person in charge of the technological area has to be constantly monitoring, for this purpose the IT governance frameworks outline a course to be able to carry out activities that improve all the areas of an organization in terms of the use of technological resources, but it is necessary to be clear about how much it is improved. This research evaluates the impact of IT governance frameworks on information security in organizations, as well as the comparative between governance frameworks in order to reach the conclusion that IT governance frameworks are the ones that best help to preserve information security.
Article Details

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Los autores conservan los derechos de autor y ceden a la revista el derecho de la primera publicación y pueda editarlo, reproducirlo, distribuirlo, exhibirlo y comunicarlo en el país y en el extranjero mediante medios impresos y electrónicos. Asimismo, asumen el compromiso sobre cualquier litigio o reclamación relacionada con derechos de propiedad intelectual, exonerando de responsabilidad a la Editorial Tecnológica de Costa Rica. Además, se establece que los autores pueden realizar otros acuerdos contractuales independientes y adicionales para la distribución no exclusiva de la versión del artículo publicado en esta revista (p. ej., incluirlo en un repositorio institucional o publicarlo en un libro) siempre que indiquen claramente que el trabajo se publicó por primera vez en esta revista.
References
C. Ávila, E. J. Chinchilla y T. Velásquez Pérez, «It governance model for state entities, as support for compliance with the information security and privacy component in the framework of the digital government policy,» Journal of Physics: Conference Series, vol. 1409, nº 1, 2019.
H. A. F. Cano y D. P. Domínguez, «Modelo de gobierno de tecnología de la información para mejorar el desempeño de proyectos de negocio minorista. Investigación Administrativa,» Investigación Administrativa, vol. 47, nº 122, pp. 1-15, 2018.
B. Moreno, M. Muñoz, J. Cuellar, S. Domancic y J. Villanueva, «Revisiones Sistemáticas: definición y nociones básicas,» Revista clínica de periodoncia, implantología y rehabilitación oral, vol. 11, nº 3, pp. 184-186, 2018.
M. A. Vieira Vitoriano y J. Souza Neto, «Information Technology Service Management Processes Maturity in the Brazilian Federal Direct Administration,» Journal of Information Systems and Technology Management, vol. 12, nº 3, pp. 663-686, 2015.
A. Valerievich Tsaregorodtsev y V. Sergey Dmitrievich, «Improving information exchange processes when implementing the State’s information function on the internal level,» Revista Cubana de Ciencias Informáticas, vol. 15, pp. 181-198, 2021.
A. Tahar, S. Hafiez y D. Putri Kunisamari, «IT governance and IT application orchestration capability role on organization performance during the COVID-19 pandemic: An intervening of business-IT alignment,» Jurnal Ilmiah Bidang Akuntansi Dan Manajemen, vol. 18, nº 1, pp. 1-20, 2021.
M. Shariati, F. Bahmani y F. Shams, «Enterprise information security, a review of architectures and frameworks from interoperability perspective,» Procedia Computer Science, vol. 3, pp. 537-543, 2011.
R. Saneei Moghadam y R. Colomo Palacios, «Information security governance in big data environments: A systematic mapping,» Procedia Computer Science, vol. 138, pp. 401-408, 2018.
P. Saha, N. Parameswaran, P. Ray y A. Mahanti, «Ontology based modeling for information security management,» Sydney, 2011.
E. L. Riccio y M. C. G. Sakata, «Resultados Do 9o Contecsi—Congresso Internacional De Gestão Da Tecnologia E Sistemas De Informação,» Journal of Information Systems and Technology Management, vol. 9, nº 2, pp. 391-436, 2012.
M. Reza Taghva, K. Feizi, S. G. Hasan Tabatabaei y M. Tamtaji, «IT Governance restructuring challenges in cloud computing utilizing governmental enterprises,» Iranian Journal of Information Processing & Management, vol. 35, nº 3, pp. 785-816, 2020.
N. R. Mukundan y L. Prakash Sai, «Perceived information security of internal users in Indian IT services industry. Information Technology and Management,» Information Technology and Management , vol. 15, nº 1, pp. 1-8, 2014.
N. Kazemargi y P. Spagnoletti, «Cloud Sourcing and Paradigm Shift in IT Governance: Evidence from the Financial Sector,» Digital Business Transformation, vol. 38, pp. 47-61, 2020.
H. J. Kam, D. J. Kim y W. He, «Should we wear a velvet glove to enforce Information security policies in higher education? Behaviour and Information Technology,» vol. 41, nº 10, pp. 2259-2273, 2022.
L. Goncalves de Paula, R. Mendes Araujo, A. Kiyoshi Tanaka y C. Cappelli, «Ict Strategic Planning at Public Higher Educational Organizations: Building an Approach Through Action Research at Unirio,» Journal of Information Systems and Technology Management, vol. 12, nº 2, pp. 351-370, 2015.
E. Ferneda, L. B. Nunes Alonso y L. Vieira Braga, «Digital certification in the Brazilian e-government,» JISTEM: Journal of Information Systems and Technology Management, vol. 8, nº 2, pp. 331-346, 2011.
D. De Smet y N. Mayer, «Integration of IT governance and security risk management: A systematic literature review,» International Conference on Information Society (i-Society), pp. 143-148, 2016.
J. Coertze y R. Von Solms, «A Software Gateway to Affordable and Effective Information Security Governance in SMMEs,» de Information Security South Africa, Johannesburg, 2013.
W. Chai, «Analyzes and solves the top enterprise network data security issues with the web data mining technology,» de 2009 First International Workshop on Database Technology and Applications, Wuhan, 2009.
S. Carturan y D. Goya, «A systems-of-systems security framework for requirements definition in cloud environment,» de ECSA ‘19: Proceedings of the 13th European Conference on Software Architecture, Paris, 2019.
A. M. Carlos Junior, C. A. Biancolino y E. A. Maccari, «Cloud Computing and Information Technology Strategy,» Journal of Technology Management & Innovation, vol. 8, nº 1, pp. 178-188, 2013.
S. Caraturan y D. Goya, «Major Challenges of Systems-of-Systems with Cloud and DevOps—A Financial Experience Report,» de 2019 IEEE/ACM 7th International Workshop on Software Engineering for Systems-of-Systems (SESoS) and 13th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-Systems (WDES), Montreal, 2019.
S. C. Boni Barbosa, I. Aparecido Rodello y S. I. Dallavalle de Padua, «Performance Measurem Ent of Information Technology Governance in Brazilian Financial Institutions,» Journal of Information Systems and Technology Management, vol. 11, nº 2, pp. 397-414, 2014.
R. Amanda Putri y F. Hussaini Srg, «Analisis Tata Kelola Sistem Informasi Dengan Framework COBIT-5: Studi Kasus Pada PT. Batu Karang,» Jurnal Sistem Informasi , vol. 4, nº 1, 2020.
M. O. Alassafi, R. K. Hussain, G. Ghashgari, R. J. Walters y G. B. Wills, «Security in organisations: Governance, risks and vulnerabilities in moving to the cloud,» de Enterprise Security Springer, 2017, pp. 241-258.