E-health plays an essential role in supporting health care in today’s digital society; it is perceived as crucial for high-quality and cost-effective health care. However, it has been difficult to demonstrate that e-health delivers the expected benefits.
There has been a growing interest in adopting e-health governance frameworks to obtain reassurance that investments return the expected results in health care. However, how IT governance is implemented within health care and its actual impact on strategic alignment remain poorly understood.
My recent Journal article presents the findings from a recent comprehensive technical report on e-health governance. The report explores the application of well-known frameworks (e.g., COBIT and ITIL) within the National Health Services (NHS) in Scotland and their impact on e-health governance maturity and strategic alignment with health care. The report mainly presents results of a longitudinal study conducted since 2008 within Scottish health care organisations, but it offers cross-national and cross-sectoral benchmarking. My Journal article discusses the implications of these report findings.
Our recent Journal article proposes a hybrid IT governance framework, enterprise resource planning/business process management/saving, investing and returning value (ERP-BPM-SIRV), for academic institutes to follow for effective implementation of ERP. The ERP-BPM-SIRV framework is a useful tool for C-suite decision makers at academic institutes as it details a series of sequential steps along with feedback loops and provides an exhaustive set of actions to take over time. The framework also focuses on the “what” (which decisions are being taken) and the “who” (who made the decisions). The ERP-BPM-SIRV framework has been formulated based on the study of an ERP implementation at an Indian business school.
In my recent Journal article, I presented a review and pragmatic steps for the implementation of continuous control monitoring (CCM) for IT general controls. My approach has now been considered in 2 CCM implementations for use across enterprise change management, incident management and antivirus management controls.
This CCM approach started with a top-down analysis of control objectives to determine which formal assertions to test. The implementations focused initially only on existence tests (i.e., does a change have an approval) and, therefore, took more of a bottom-up approach to look at the data, what could be done with them and what other assertions were possible.
The Internet of Things (IoT) is changing how people and technology interact. With billions of devices projected to be connected in the near future, the opportunity to be innovative is amazing.
In recent months, there have been several publications discussing the IoT, with many articles in favor of it and many against it. On one hand, it is said that all things should be connected: refrigerators, coffee machines, wearables, microwaves, umbrellas, fitness bands and drones. On the other hand, there is an opinion that this trend needs to be stopped, regulated or banned by government organizations because of security and privacy concerns. For example, the US Federal Trade Commission (FTC) publicly raised concerns about the security risk associated with the rising number of interconnected systems and devices.
It is easy to second-guess organizations after an attack as opposed to working with them on cybersecurity or information security initiatives. But this questioning can also offer some benefit, helping security professionals learn what could have been done to defend the organization against the cyberattack. The following is a brief look at the attacks on Sony, Morgan Stanley and Anthem as a sample across the entertainment, financial and health insurance industries:
I would suggest that there are specific COBIT® 5 processes and practices that can be effective in halting or minimizing these types of attacks.