Australian Information Security Management Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


8th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia, 30th November 2010


Contemporary organisations are at infancy stages of adopting IT governance processes in Australia. Organisations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This study investigates IT security governance broadly and in Australian organisations specifically. The objective of this study is to bring the local organisations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organisations is completed and results are presented in this paper identifying the maturity level of IT security governance in Australian organisations against the well known Capability Maturity Model® (CMM.)