Bridging IT Risk Governance in Bangladesh: A Comparative Gap Analysis of Bangladesh Bank’s Guideline on ICT Security v4.0 and ISACA’s Risk IT Framework


Authors : Sujit Kumar Sarker

Volume/Issue : Volume 10 - 2025, Issue 10 - October


Google Scholar : https://tinyurl.com/msu4295v

Scribd : https://tinyurl.com/ycyeap34

DOI : https://doi.org/10.38124/ijisrt/25oct257



Abstract : IT risk governance describes the overall oversight of the strategies, policies, controls, and accountability structures that aim to ensure security, resilience, and regulatory compliance for the system and technology assets of an organization. IT risk is an integral part of financial risk. In view of growing cyber risk and systemic risk, Bangladesh Bank released the Guideline on ICT Security – Version 4.0 in 2023 to mitigate escalating cyber threats and systemic vulnerabilities in the financial sector. This paper conducts a cross-reference gap analysis between the 2023 Guideline on ICT Security issued by Bangladesh Bank and ISACA’s Risk IT Framework, identifying governance gaps, strengths, and opportunities for alignment. Based on a gap and maturity assessment structured around the 14 ISO/IEC 27001 controls and relevant international standards, this study highlights shortcomings in risk quantification, in qualitative and quantitative assessment, in the integration of IT governance into corporate governance, and in strategic alignment with enterprise and regulatory entities. Suggestions for enhancing governance maturity, compliance, and organizational resilience are presented.

Keywords : IT Risk Governance, Bangladesh Bank, Guideline on ICT Security – Version 4.0, ISACA Risk IT Framework, Gap Analysis, Governance Maturity, ISO/IEC 27001 Controls, Cybersecurity in Financial Sector, Regulatory Compliance.


