Information Security Governance: The Cornerstone Of Effective Information Protection


Information Security Governance (ISG) refers to the system through which an organization directs and controls its Information Security (InfoSec) activities. Just like corporate governance, ISG seeks to protect the interests of all stakeholders (shareholders, customers, service providers, government, employees, etc.) of an organization. It ensures the alignment of InfoSec strategies with organizational strategies. Accountability for ISG usually resides with the Board of Directors or Executive Management of the organization. According to Mears and Von Solms (2004), for organizations to ensure adequate protection of their information assets, the Board of Directors and Senior Managers must be serious about InfoSec. According to the IT Governance Institute (2006), ISG is an aspect of enterprise governance, which is responsible for setting strategic direction, attainment of InfoSec objectives, risk management, and monitoring of the enterprise security framework. ISG is the means of dealing with the security of enterprise information assets holistically, involving all organizational stakeholders, including those at the governance and management levels (Rebollo et al., 2014). InfoSec is essential to all organizations, regardless of size, location, and industry; hence, ISG cannot be relegated to the background. According to Von Solms et al. (2011), ISG has become one of the main areas …
