Abstract. Against the backdrop of organisational needs to derive value from IT Organisations through agility, efficiencies and cost effectiveness, many organisations have adopted a decentralised IT organisational structure, ena-bling individual business units the autonomy to implement, operate and govern technology. The increase risk that poses organisations through cyber-attacks, raises the question of how IT security could effectively provide the level of organisations governance to counter cyber threats in a decentralised organisational model. In exploring the challenges in the decentralization of IT security, we highlighted that the accountability of such activities would become diluted, with each business unit managing security in their own methods and practices or lack of, while unable to take full accountability due to the complex independencies of modern system architectures, often resulting in a lack of ownership, accountability and reporting of security at an organisational group level. This ultimately increases the overall security risk to the organization. We further highlighted that while centralization of IT security at a group level would be more effective, a hybrid model of IT security at two-levels with strategy and policy at the central governance level and a degree of autonomy and decision at the IT Operational level could also be considered.
|Title of host publication||Cybersecurity, Privacy and Freedom Protection in the Connected World|
|Subtitle of host publication||Proceedings of the 13th International Conference on Global Security, Safety and Sustainability, London, January 2021|
|Publication status||Accepted/In press - 21 Feb 2021|