2 research outputs found

    Model for IT governance to improve information technology alignment of multi-campuses in South African institutions of higher learning

    Information Technology (IT) has emerged as an important issue for the public and private sectors. It has been initially identified as a vehicle in supporting business processes by speeding up the process of decision making and easy access of information as required for the competitive advantage of businesses. Organisations regarded IT as an enabler of their business processes. As IT has grown, its shape and definition have drastically changed from being an enabler of the business processes to become a central and strategic concern within the organisation that drives the business processes. The new IT landscape has made organisations completely dependent on IT for their decision making and effective functioning. The dependence on IT has created a need for unified and effective structures, standards and best practices that ensure the effective execution of business processes using IT. The establishment of IT Governance for institutions of higher learning has created the dual challenges of how IT Governance can work within the culture of inclusiveness and shared decision making while better aligning existing IT structures. These dual challenges vary from one university to another based on the culture of the specific university. This study therefore suggests possible ways that IT Governance can shape an institution of higher learning by strategically aligning the institution’s IT strategy with the overall university strategy through the development of an IT Governance Model. To come up with the said proposed model, qualitative research techniques such as document analysis, observations, interviews, a questionnaire and briefing sessions were used during the research process. The comparative analysis of the case studied was used to identify different IT Governance models adopted by other universities. Literature was reviewed to establish the emerging IT Governance practices established and implemented by different authors.
The result from this study is that an IT Governance model specific to WSU has been developed. This model can be used as a guiding tool in establishing new IT Governance structures and also to modify and improve the existing IT Governance structure of different institutions of higher learning. This model can further be used to guide the development of the institution's IT Governance implementation architecture framework.

    The ISO/IEC 27002 and ISO/IEC 27799 information security management standards : a comparative analysis from a healthcare perspective

    Technological shift has become significant and an area of concern in the health sector with regard to securing health information assets. Health information systems hosting personal health information expose these information assets to ever-evolving threats. This information includes aspects of an extremely sensitive nature, for example, a particular patient may have a history of drug abuse, which would be reflected in the patient’s medical record. The private nature of patient information places a higher demand on the need to ensure privacy. Ensuring that the security and privacy of health information remain intact is therefore vital in the healthcare environment. In order to protect information appropriately and effectively, good information security management practices should be followed. To this end, the International Organization for Standardization (ISO) published a code of practice for information security management, namely the ISO 27002 (2005). This standard is widely used in industry but is a generic standard aimed at all industries. Therefore it does not consider the unique security needs of a particular environment. Because of the unique nature of personal health information and its security and privacy requirements, the need to introduce a healthcare sector-specific standard for information security management was identified. The ISO 27799 was therefore published as an industry-specific variant of the ISO 27002 which is geared towards addressing security requirements in health informatics. It serves as an implementation guide for the ISO 27002 when implemented in the health sector. The publication of the ISO 27799 is considered as a positive development in the quest to improve health information security. However, the question arises whether the ISO 27799 addresses the security needs of the healthcare domain sufficiently. 
The extensive use of the ISO 27002 implies that many proponents of this standard (in healthcare) now have to ensure that they meet the (assumed) increased requirements of the ISO 27799. The purpose of this research is therefore to conduct a comprehensive comparison of the ISO 27002 and ISO 27799 standards to determine whether the ISO 27799 serves the specific needs of the health sector from an information security management point of view.