Acknowledgements

I would like to acknowledge Professor Richard Halstead-Nussloch from Kennesaw State University. Without his instruction in IT7833: IT Strategy, Policy, and Governance this Toolkit would not exist.

References

1. CSRC, & NIST. (2020, June 22). Access Control Policy and Implementation Guides. Retrieved February 21, 2021, from https://csrc.nist.gov/projects/access-control-policy-and-implementation-guides#:~:text=Access%20control%20policies%20are%20high,access%20information%20under%20what%20circumstances.&text=At%20a%20high%20level%2C%20access,structure%20that%20a%20system%20provides.

2. Wikipedia. (2020, December 20). Benchmarking. Retrieved February 07, 2021, from https://en.wikipedia.org/wiki/Benchmarking

3. CIO Index. (2021, February 06). Business Strategy. Retrieved February 07, 2021, from https://cio-wiki.org/wiki/Business_Strategy#Business_and_IT_Alignment

4. Wikipedia. (2021, February 05). Business Model. Retrieved February 07, 2021, from https://en.wikipedia.org/wiki/Business_model

5. Wikipedia. (2021, February 11). Policy. Retrieved February 21, 2021, from https://en.wikipedia.org/wiki/Policy

6. Twin, A., Anderson, S., & Investopedia. (2020, July 07). Competitive advantage: What gives companies an edge. Retrieved March 07, 2021, from https://www.investopedia.com/terms/c/competitive_advantage.asp#:~:text=Competitive%20advantage%20refers%20to%20factors,compared%20to%20its%20market%20rivals

7. CIO Index. (2021, February 06). Enterprise Architecture. Retrieved February 07, 2021, from https://cio-wiki.org/wiki/Enterprise_Architecture

8. NIST. (2017, April). Access Rights Management. Retrieved March 07, 2021, from https://www.nccoe.nist.gov/sites/default/files/library/fact-sheets/fs-arm-fact-sheet.pdf

9. Cambridge Dictionary. (n.d.). Framework. Retrieved February 07, 2021, from https://dictionary.cambridge.org/us/dictionary/english/framework

10. Wikipedia. (2021, January 15). The Principles of Scientific Management. Retrieved March 07, 2021, from https://en.wikipedia.org/wiki/The_Principles_of_Scientific_Management

11. Wikipedia. (2021, March 02). Governance. Retrieved March 07, 2021, from https://en.wikipedia.org/wiki/Governance#Governance_as_process

12. Wikipedia. (2021, January 17). Governance, Risk Management, And Compliance. Retrieved March 07, 2021, from https://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance#cite_note-4

13. Wikipedia. (2021, January 22). Regulation. Retrieved February 21, 2021, from https://en.wikipedia.org/wiki/Regulation

14. Wikipedia. (2020, September 19). Information Policy. Retrieved February 21, 2021, from https://en.wikipedia.org/wiki/Information_policy

15. CIO Wiki. (2021, February 06). IT Capability. Retrieved March 07, 2021, from https://cio-wiki.org/wiki/IT_Capability#cite_note-1

16. Etienne, & Beverly Wenger-Trayner. (2015). Introduction to communities of practice. Retrieved January 24, 2021, from https://wenger-trayner.com/introduction-to-communities-of-practice/

17. IT 7833 Course Content. Spring 2021 Semester. Professor Richard Halstead-Nussloch. Kennesaw State University.

18. CIO Wiki. (2021, February 06). IT Governance. Retrieved March 07, 2021, from https://cio-wiki.org/wiki/IT_Governance#IT_Governance_Frameworks

19. Wikipedia. (2019, February 28). Policy Framework. Retrieved February 21, 2021, from https://en.wikipedia.org/wiki/Policy_framework

20. Wikipedia. (2020, October 04). IT Risk Management. Retrieved February 21, 2021, from https://en.wikipedia.org/wiki/IT_risk_management

21. Wikipedia. (2020, December 24). NIST Cybersecurity Framework. Retrieved February 21, 2021, from https://en.wikipedia.org/wiki/NIST_Cybersecurity_Framework

22. State of Georgia. (n.d.). Enterprise Policies, Standards, and Guidelines. Retrieved February 21, 2021, from https://gta-psg.georgia.gov/enterprise-policies-standards-and-guidelines

23. Wikipedia. (2021, January 19). SWOT Analysis. Retrieved February 07, 2021, from https://en.wikipedia.org/wiki/SWOT_analysis

24. Wikipedia. (2021, February 16). Transaction Cost. Retrieved March 07, 2021, from https://en.wikipedia.org/wiki/Transaction_cost

25. Wikipedia. (2021, March 02). Value Chain. Retrieved May 05, 2021, from https://en.wikipedia.org/wiki/Value_chain#:~:text=A%20value%20chain%20is%20a,or%20service)%20for%20the%20market.&text=The%20concept%20of%20value%20chains,Porter%20as%20early%20as%201979

26. Advameg, Inc. (n.d.). Value Creation. Retrieved February 07, 2021, from https://www.referenceforbusiness.com/management/Tr-Z/Value-Creation.html

27. NIST. (2018, April 16). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved February 21, 2021, from https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

28. East Coast Polytechnic Institute. (n.d.). ECPI Blog: The NIST Cybersecurity Framework. Retrieved February 21, 2021, from https://www.ecpi.edu/blog/top-principles-nist-cybersecurity-framework#:~:text=NIST%20Framework%20Benefits&text=Improved%20collaboration%20between%20organizations%2C%20and,Improved%20use%20of%20security%20budgets

29. Malimage, K., Raddatz, N., Trinkle, B. S., Crossler, R. E., & Baaske, R. (2020). Impact of Deterrence and Inertia on Information Security Policy Changes. Journal of Information Systems, 34(1), 123–134. https://doi.org/10.2308/isys-52400

30. Gwebu, K. L., Wang, J., & Hu, M. Y. (2020). Information security policy noncompliance: An integrative social influence model. Information Systems Journal, 30(2), 220–269. https://doi.org/10.1111/isj.12257

31. Network Coverage. (2020, February 21). Creating An Effective IT Strategy. Retrieved February 07, 2021, from https://www.netcov.com/what-does-effective-it-strategy-begin-with/

32. Pyne, B., & Xpective, Inc. (2020, June 16). IT Strategy vs Business or Corporate Strategies. Retrieved February 07, 2021, from https://techspective.net/2020/06/16/it-strategy-vs-business-or-corporate-strategies/

33. Calder, A. (2011). IT governance. [electronic resource] : guidelines for directors (1st edition). IT Governance Pub.

34. Downey, L., Scott, G., & Investopedia. (2021, January 19). Transaction Costs. Retrieved March 07, 2021, from https://www.investopedia.com/terms/t/transactioncosts.asp

35. Lipovich, I., & Forbes Business Council. (2020, October 06). How To Use Technology To Gain A Sustainable Competitive Advantage. Retrieved March 07, 2021, from https://www.forbes.com/sites/forbesbusinesscouncil/2020/10/06/how-to-use-technology-to-gain-a-sustainable-competitive-advantage/?sh=2d8bd5a1328c

36. Lindros, K., & IDG Communications, Inc. (2017, July 31). What is IT Governance? A Formal Way to Align IT & Business Strategy. Retrieved March 07, 2021, from https://www.cio.com/article/2438931/governanceit-governance-definition-and-solutions.html

37. Lindros, K., & IDG Communications, Inc. (2017, July 11). What is GRC and Why Do You Need It? Retrieved March 07, 2021, from https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html

38. University System of Georgia. (2021, February 20). Regulatory Requirements Supporting Cybersecurity Awareness Training: A USG IT Handbook Companion Guide. Retrieved May 08, 2021, from https://www.usg.edu/information_technology_services/assets/information_technology_services/documents/ITHB_SATE_Regs_Guide_(v2).pdf

39. Magee, K., & InfoSec Institute. (2018, January 18). IT Auditing and Controls – Planning the IT Audit. Retrieved May 08, 2021, from https://resources.infosecinstitute.com/topic/itac-planning/

40. Poston, H., & InfoSec Institute. (2021, February 11). Top Threat Modeling Frameworks: STRIDE, OWASP Top 10, MITRE ATT&CK Framework and More. Retrieved May 08, 2021, from https://resources.infosecinstitute.com/topic/top-threat-modeling-frameworks-stride-owasp-top-10-mitre-attck-framework/

41. Magee, K., & InfoSec Institute. (2021, March 8). IT Auditing and Controls: A Look At Application Controls [Updated 2021]. Retrieved May 08, 2021, from https://resources.infosecinstitute.com/topic/it-auditing-and-controls-a-look-at-application-controls/

42. Cichonski, P., Millar, T., Grance, T., Scarfone, K., & NIST. (2012, August). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. Retrieved May 08, 2021, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

43. Association for Computing Machinery. (2018, June 22). ACM Code of Ethics and Professional Conduct. Retrieved May 08, 2021, from https://www.acm.org/binaries/content/assets/about/acm-code-of-ethics-and-professional-conduct.pdf

44. IEEE. (2020, June). IEEE Code of Ethics. Retrieved May 08, 2021, from https://www.ieee.org/about/corporate/governance/p7-8.html