Organisations Capability and Aptitude towards IT Security Governance

In today´s more digitized world, the notion of Information Technology´s (IT) delivery of value to businesses has been stretched to mitigation of broader organisations´ risk. This has triggered the higher management levels to provide IT security in all levels of organisations´ governance and decision making processes. With such stringent governance, IT security is considered as one of the core business processes with up-to-date policies and procedures to be in placed at all levels of governance. This paper provides IT security practitioners´ view on how IT security is managed in their organisations. A close look at some of the IT security governance standards and how these standards are applied in the organisations gives us astonishing results about organisations´ capability levels with most practitioners thinking IT security processes are either not fully implemented or fail to achieve its purpose.