dc.description.abstract |
A constantly evolving regulatory and technology landscape requires rapidly growing organizations to adopt an integrated approach that automates their risk and compliance related activities and ensures the implementation of best security practices in IT operations and management. To integrate the three domains, i.e. governance, risk and compliance, the term GRC has been established, denoting the integration and automation of the overall governance, risk management and compliance management processes. In the past, all three domains were dealt with in silos, which usually resulted in generating less business value, but there have since been improvements, and various GRC solutions and frameworks have been developed and implemented across organizations that support the integration of these domains. In this research work, we are working on a sub-domain of GRC, also referred to as IT GRC, that supports the operations of organizational information technology. IT GRC deals with the issues related to IT and data governance, IT risk management, IT compliance processes, IT performance, IT security, IT investments and IT revisions, and supports the organizational goals. In the case of IT GRC, some research work has been done, but most of it is proposed after merging the high-level processes from existing standards. These high-level process models fail to identify the paths in the various domains that can lead toward the integration of governance, risk, and compliance. Moreover, existing research work either avoids the security aspect of IT GRC or deals with IT GRC and IT security separately due to the underlying IT infrastructure complexity. So, in this research work, we have adopted a bottom-up approach which synthesizes the key observations and findings, obtained from a systematic literature review of existing research work and a theoretical analysis of relevant standards and frameworks, into an integrated IT GRC framework. This framework can support organizations in the identification of the key components, elements and best practices that must be considered while building an integrated and automated IT GRC system. The framework enables an organization to manage IT governance, IT risk and IT compliance in an integrated manner, and allows IT decisions to be made and risk, compliance, and security activities to be managed in an effective and efficient manner. |
en_US |
dc.subject |
GRC, IT GRC, IT governance, IT risk management, IT compliance, Theoretical framework, Conceptual framework, Systematic review, Conceptual Model |
en_US |