Information Security Control Centralization and IT Governance for Enterprises

Information Technology (IT) governance is important in every Enterprise to ensure the execution of the firm's security policies and procedures. It is a subset discipline of Corporate Governance focused on Information Technology (IT) systems and their performance and risk management. This paper sights current some problems. It also presents the framework for ensuring that the organization's policies are implemented over time. Since most of these policies require human involvement, the goals are met only if human activities can be influenced and monitored. This is the challenge to IT governance. One issue is to which IT security controls should be centralized or decentralized.