Research Article

A Multi-Layered Approach to IT Infrastructure Governance and Compliance: Security, Hardening, and Audit Readiness

by Shriniwas Phalke, Yogesh Dada Athave, Balu N. Ilag
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 12
Year of Publication: 2025
Authors: Shriniwas Phalke, Yogesh Dada Athave, Balu N. Ilag
10.5120/ijca2025925133

Shriniwas Phalke, Yogesh Dada Athave, Balu N. Ilag. A Multi-Layered Approach to IT Infrastructure Governance and Compliance: Security, Hardening, and Audit Readiness. International Journal of Computer Applications. 187, 12 (Jun 2025), 29-33. DOI=10.5120/ijca2025925133

@article{ 10.5120/ijca2025925133,
author = { Shriniwas Phalke and Yogesh Dada Athave and Balu N. Ilag },
title = { A Multi-Layered Approach to IT Infrastructure Governance and Compliance: Security, Hardening, and Audit Readiness },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2025 },
volume = { 187 },
number = { 12 },
month = { Jun },
year = { 2025 },
issn = { 0975-8887 },
pages = { 29-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number12/a-multi-layered-approach-to-it-infrastructure-governance-and-compliance-security-hardening-and-audit-readiness-v3/ },
doi = { 10.5120/ijca2025925133 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-06-21T01:56:52.772518+05:30
%A Shriniwas Phalke
%A Yogesh Dada Athave
%A Balu N. Ilag
%T A Multi-Layered Approach to IT Infrastructure Governance and Compliance: Security, Hardening, and Audit Readiness
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 12
%P 29-33
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper discusses a structured framework for addressing IT server infrastructure governance and compliance problems based on the requirements of regulatory frameworks. In the modern, complex regulatory world, coupled with emerging cyber threats, an organization needs governance, security, hardening, and audit readiness embedded in an integrated ecosystem to gain resilience. The paper highlights how Infrastructure as Code (IaC) and Governance as a Service (GaaS) automation make compliance scalable, consistent, and proactive for hybrid infrastructures. Organizations can lessen risk, increase effectiveness, and improve productivity by implementing governance directly in deployment and operational workflows. Supported by a literature review covering governance and compliance, the framework developed in this paper is a four-layer model of governance, security, hardening, and audit readiness. Specifically, trends such as GaaS and IaC are discussed in the context of Gelsey to enable policy-driven, scalable operations. The paper also elaborates on practical, real-life enterprise scenarios. Finally, it offers a guide on how governance and compliance can be integrated into ITIL best practice at each phase of the organization’s infrastructure development.

Index Terms

Computer Science
Information Sciences

Keywords

Multi-Layered Approach, Security, Hardening, Audit Readiness, Server Infrastructure, IT Infrastructure Governance, IT Infrastructure Compliance