What is required for effective security in an organization?
Active engagement of executive management to assess emerging threats and provide strong cyber security leadership
What is Corporate governance?
A set of policies and internal controls by organizations are directed and managed
What is Security governance?
How a company controls its approach to security through procedures, strategies, and programs to manage risk and meet security goals
How does information security governance relate to overall governance?
It is a subset of the organizations overall governance program.
What does Information Security Governance provide?
- strategic direction
- ensures that objectives and achieved
- manages risks appropriately
- uses organizational resources responsibly,
- monitors the success or failure of the enterprise security program
What are the benefits of Information Security Governance?
- Increase in share value with good governance
- Makes operations predictable and reduces uncertainty
- Protect from legal or civil liabilities
- Optimizes use of limited security resources
- Ensures policies are effective and followed
- Supports strong risk management and fast incident responses
- Helps makes reliable decisions (not based on faulty information)
- Keeps people accountable for securing information
what are the outcomes of effective information security (IS) governance?
- Strategic alignment - with businesses goals
- Risk management - Reduce IS risk to acceptable levels
- Value Delivery - Get most business benefit from IS investments
- Performance Measurement - monitoring on IS to sure that objectives are achieved
- Resource Management - Use IS knowledge and tools efficiently
- Integration - Ensures all security processes operates as intended from end to end
Why were frameworks developed?
To support the rapid effective deployment of security governance infrastructure
what does government framework provide in information security? (definition)(must know)
- The basis for the developing a cost-effective information security program that supports the organization’s goals
and
- an acceptable level of predictability in operations by limiting the impacts of adverse events.
overall: Ensures information assets are protected at a level matching their value and associated risk.
What will a governance framework generally consist of?
- security strategy linked with business objective
- security policies that addresses, control and regulate each aspect of strategy
- Standards for each policy to ensure that procedures comply with policy
- Effective security organizational structure with sufficient authority and adequate resources
- Metrics and monitoring to ensure rules are followed, spot problems, and guide better decisions
