Dimensions and Operationalisations of IT Governance: A Literature Review and Meta-Case Study

Novotny, Alexander, Bernroider, Edward, Koch, Stefan

January 2012

This paper seeks to tackle the current confusion about the constituent dimensions of IT Governance (ITG) and inconsistent operationalisation approaches inhibiting advances in research and organisational ITG practice. Through a structured literature review of ranked high-quality publications augmented by a meta-case study with five underlying projects, we find nine distinct dimensions of ITG. The input-oriented dimensions Compliance Management, IT Investment Management and ITG Improvement have received little attention in earlier conceptualisations, while the more output-oriented dimensions Business/IT Alignment and Business Value Delivery have featured more often in related studies. Scope and application of ITG may depend on the organisational context and the intentional use, such as regulatory or strategic. Depending on the context, more research seems to be warranted to develop context-dependent measurement constructs of ITG that can be compared over studies. (author's abstract)

Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations : A mixed methods study of compliance practices towards GDPR readiness

Stauber, Sebastian

January 2018

The European Union has introduced a new General Data Protection Regulation that regulates all aspects of privacy and data protection for the data of European citizens. To transition to the new rules, companies and public institutions were given two years to adapt their systems and controls. Due to the large area of changes the GDPR requires, many companies are facing severe problems to adapt the rules to be ready for enforcement. This marks the purpose of this study which is to look into compliance practices in the implementation of GDPR requirements. This includes a prospect of compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and aims to investigate the situation in corporations and not in public institutions. Mixed methods have been applied by surveying and interviewing Swedish GDPR experts and consultants to gain an understanding of their view by using capability maturity scales to assess a variety of security processes and controls. The analysis shows a low implementation in GDPR requirements while having seen improvements over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25.

GDPR

Privacy

Data Protection

Information Security

Privacy Governance

Information Governance

IS Governance

IT Governance

IT Compliance

GDPR Implementation

Privacy Regulation

Economics and Business

Ekonomi och näringsliv