IT Governance: Processes for information security

0
118
it manager
Excel Spreadsheets

For companies that seek to stand out in the IT market, it is necessary to establish processes to guarantee the efficiency of the team and the quality of the product.

IT governance is responsible for managing processes, when necessary, making use of a data recovery program, whether to recover corrupted files or a forensic analysis.

The professional behaves like a computer strategist, whose goal is to keep your company's information protected. In this article we will better understand the importance of this sector.

What is IT Governance?

IT Governance is derived from Corporate Governance, which brings together the policies, rules, processes and actions that govern the entire corporation. When adopted, they should affect all users, from the C-Level to the interns.

The focus of this professional is to prevent crackers (criminals with a high knowledge of computers) from obtaining sensitive information from the company, which can compromise the data not only of the organization, but also of its customers.

Working methods

There are many frameworks that can be implemented in a company's IT Governance, which will demonstrate the efficiency of the adopted processes.

The main methodologies adopted by these Information Technology professionals are:

Information Technology Infrastructure Library (ITIL)

ITIL or “Information Technology Infrastructure Library” is a project developed in 1980 in Great Britain, which aims to document and archive as much information as possible to define best practices.

Business management processes focused on IT, studies carried out by technical teams, success stories, experiences of other professionals, books, and everything that can support the IT Governance team's hypotheses.

PMBOK (Project Management Body of Knowledge)

This is perhaps the most widespread framework in the IT area, although it can be applied in any company, regardless of its segment.

The PMBOK® aims standardize and conceptualize all processes, from different areas of knowledge, tools like a photo retriever, intrusion tests, in addition to the best techniques for project management.

Although the PMBOK® whether as a project management encyclopedia, it should not be followed to the letter. The goal is to create a standardization so that project managers have a guide of practices that have been tested and proven.

Cobit (Control Objectives for Information and related Technology)

COBIT stands for "Control Objectives for Information and related Technology" and it stands for "Objectives for Information Control and Related Technology". Created by ISACA (Information Systems Audit and Control Association), its main objective is to generate value for the company and its processes.

In this model, the processes are described, addressing the:

  • planning;
  • execution and monitoring of processes;
  • definition of objectives;
  • definition of KPIs.

During the evaluation of the models, it is possible to correct processes that are not following good practices, which also allows delegating tasks to the correct teams.

As with other tools, the goal is to organize the processes to increase the efficiency of the team and increase the company's profits.

How does data recovery work?

Gathering information is an important step for analysts, especially when they need to recover deleted files or that have been corrupted by viruses.

These files will serve as evidence in a Forensic analysis, or will assist the Information Security Analyst in identifying the source of the failure.

Next we will show the process that can be used both in the previous situations, but also when the operating system fails.

IT Governance: Processes for information security 1

On the home screen the tool shows some shortcuts that can optimize your time, especially when there is a large amount of data.

If the analyst wants to recover only the data from a specific folder, just select the option "Select Folder", and the software will retrieve all information from the directory.

Contrary to what many people think, even if you delete files from your recycle bin, you can still recover them.

This allows the security professional to identify evidence, which may have been deleted by the criminal.

The program is capable of recovering even very old files, being essential to retrieve the entire history of the hard disk.

IT Governance: Processes for information security 2

After the program starts scanning, if the desired file is found, just stop the scan and select the files that need to be recovered.

It is possible to select different disks, which allows you to analyze multiple external devices at the same time.

IT Governance

When the scan is paused, the system shows the number of files that have been recovered and the source folder.

This facilitates documentation and the efficiency of the activity.

Then just save the files on another device and proceed with the investigation. As we can see, although this is a job that requires high technical knowledge, the software makes execution simple, and can be used even by home users.

Security and organization

As we can see, having clear and well-structured procedures is fundamental to the success of IT Governance. Both the management tools and the software that are used, must be chosen strategically, aiming at performance and security.

Performs an activity such as manager? What IT Governance practices have you adopted? Share your experience with us.

Excel Spreadsheets

LEAVE AN ANSWER

Please, write your comment
Please enter your name