Centralised IT Structure and Cyber Risk Management

Kamran Aqeel Abbasi Abbasi, Nick Petford, Amin Hosseinian Far

Research output: Contribution to Book/Report, Conference Contribution, peer-review

Abstract

Against the backdrop of organisational needs to derive value from IT Organisations through agility, efficiencies and cost effectiveness, many organisations have adopted a decentralised IT organisational structure, allowing individual business units the autonomy to implement, operate and govern technology. The increased risk that cyber-attacks pose to organisations raises the question of how IT security could effectively provide the level of organisational governance needed to counter cyber threats in a decentralised organisational model. In exploring the challenges in the decentralization of IT security, we highlighted that the accountability of such activities would become diluted, with each business unit managing security with its own methods and practices, or lack thereof, while unable to take full accountability due to the complex independencies of modern system architectures, often resulting in a lack of ownership, accountability and reporting of security at an organisational group level. This ultimately increases the overall security risk to the organization. We further highlighted that while centralization of IT security at a group level would be more effective, a hybrid model of IT security at two levels, with strategy and policy at the central governance level and a degree of autonomy and decision at the IT Operational level, could also be considered.
Original language: English
Title of host publication: Cybersecurity, Privacy and Freedom Protection in the Connected World
Subtitle of host publication: Proceedings of the 13th International Conference on Global Security, Safety and Sustainability, London, January 2021
Publisher: Springer International
ISBN (Electronic): 978-3-030-68534-8
ISBN (Print): 978-3-030-68533-1
Publication status: Accepted/In press - 21 Feb 2021
