Information Security and High-Performance IT

Studies have shown that improving IT controls does improve performance. For example, a 2007 study by the Information Technology Process Institute (ITPI) indicates six “foundational” controls that characterize high-performing IT operations:

1. Monitoring of systems for unauthorized changes.
2. Defined consequences for intentional unauthorized changes.
3. A formal process for IT configuration management.
4. An automated configuration management process.
5. Tracking of the success rate for IT changes.
6. Ability to provide personnel with correct and accurate information on the present IT infrastructure configurations, including their physical and functional specifications.

An appropriate control framework, when well-planned and suited to the organization, can be effective in reducing organizational risks and can be applied to organizational systems at a net financial benefit.

►