ISACA Journal
Volume 3, 2015

Book Reviews 

IT Security Governance Innovations—Theory and Research 

Daniel Mellado, Luis Enrique Sanchez, Eduardo Fernandez-Medina and Mario Piattini | Reviewed by A. Krista Kivisild, CISA, CA, CPA 

With new technology supporting all areas of life, management increasingly needs to evaluate the areas of risk and concern that it must be aware of and address within the business. Recent studies on IT risk areas indicate the following areas of concern: the rising strategic importance of corporate information and data,[1] data governance and data quality in support of broader business audit review, recent systems failures that impacted retail banking customers,[2] concerns over increased regulation, and insufficient preparation for cyberthreats.[3] These same studies support the proposal that one of the best ways to address these issues is a greater focus on IT governance.

IT Security Governance Innovations discusses a variety of academic studies in the areas of IT security governance and security standards, and it has information on guidelines in IT security governance and IT security governance innovations. This research forms the foundational groundwork to understand IT security governance, and it demonstrates how these concepts have been applied in different industries around the world.

This reference book appeals to researchers and more experienced professionals, as the subjects and techniques in the book form a solid basis to help readers make good decisions and apply effective security governance practices. The book is a compilation of 11 different studies from researchers associated with universities around the world: the first part looks at security governance frameworks, the next examines enterprise-level security governance practices, and the final part explores the most recent issues in information and security governance.

The book’s strengths lie in its deep exploration of a wide range of IT security governance topics that will be of interest to a variety of professionals across industry verticals. Topics include a comparison of information security frameworks, IT security governance in e-banking, IT security governance legal issues, IT service management, assessing the maturity of the COBIT framework, adoption of ISO 27001 and more.

These detailed studies may be relevant to a wide range of IS audit, security, risk and governance professionals; however, those who are less seasoned in the field may find the book to be an interesting read but too technical in nature. Professionals who have worked across different industries and implemented different frameworks but never had the time to do an in-depth comparison will find that this book answers many of their questions and provides insights and guidance on contemporary well-studied approaches for a variety of modern IT security and governance areas.

As technology continues to spread through every part of life, governance and security systems must become progressively more sophisticated, rely on well-supported solutions and build on industry-standard frameworks that have been pragmatically applied to the individual organization. IT Security Governance Innovations will help readers better support their organizations in achieving these goals.

Editor’s Note

IT Security Governance Innovations: Theory and Research is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this issue of the Journal, visit, email or telephone +1.847.660.5650.


[1] Kann, Ronnie; et al.; “2015 IT Audit Plan Hot Spots,” CEB Audit Leadership Council, 1 November 2014
[2] Sobers, Mike; et al.; “Under Control 2015: Hot Topics for IT Internal Audit in Financial Services,” Deloitte UK LLP, 1 January 2014
[3] Protiviti; “Cybersecurity Concerns Rise as a Risk Factor for Board Members and Senior Executives in 2015”

Reviewed by A. Krista Kivisild, CISA, CA, CPA, who has experience in IT audit, governance, compliance/regulatory auditing, value-for-money auditing and operational auditing in government, private companies and public organizations. She has served as a volunteer instructor, worked with the Alberta (Canada) Government Board Development Program, and served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.