Information Security Governance
- What is Information Security Governance and What it is Not
- Why Information Security Governance is Needed
- How to Govern Information Security
...
...
...
...
...
...
...
- What Governance Models are used by EDUCAUSE Members
- Success Stories
- Other EDUCAUSE Resources
- Appendix A: Effective/Ineffective Governance Compared
- Appendix B: Roles and Responsibilities from the NIST Security Handbook
- References
What is Information Security Governance and What it is Not
IT security governance is the system by which an organization directs and controls IT security (adapted from ISO 38500). IT security governance should not be confused with IT security management. IT security management is concerned with making decisions to mitigate risks; governance determines who is authorized to make decisions. Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations.
...
Enterprise security governance results from the duty of care owed by leadership towards fiduciary requirements. This position is based on judicial rationale and reasonable standards of care [1]. The five general governance areas are:
...