
Holistic guide to information security governance

IT Governance Institute : 16 June, 2008  (New Product)
Guidance on governance for information security managers is available from the IT Governance Institute, providing improved information on risk management and delivering value.
To help information security professionals who are facing growing pressure to cut costs, reduce IT-related risks, and comply with new and existing laws and regulations, the IT Governance Institute (ITGI) has released new guidance featuring a holistic approach to information security governance.

Developed and reviewed by a team of international information security experts, Information Security Governance: Guidance for Information Security Managers outlines key security tasks for the following areas:

Strategic alignment—Cost-effectiveness of the security program, tied to how well the organization's objectives are supported

Risk management—The ultimate objective of all information security activities and organizational assurance efforts

Value delivery—A function of the strategic alignment of security strategy and business objectives

Performance measurement—Measuring, monitoring and reporting on information security processes

Resource management—Processes to plan, allocate and control information security resources, including people, processes and technologies for improving the efficiency and effectiveness of business solutions

Process assurance—Integration of disparate assurance functions to ensure that processes operate as intended from end to end, minimizing hidden risks

For each key task, the publication provides indicators that the tasks are being performed correctly. It also includes actions that boards and executive management can take to ensure effective governance over information security.

"As with any other business-critical activity, information security program activities must be thoroughly planned, effectively executed and constantly monitored at the highest levels of the organization," said Krag Brotby, CISM, member of the ISACA CISM Test Enhancement Committee and author of the ITGI publication. "Failure to do so can cause significant financial losses or reputational damage—as many companies have learned the hard way. Information security is truly one of those areas in which preparation is infinitely more valuable than remediation."

Information Security Governance: Guidance for Information Security Managers is available from the ISACA Bookstore. It is a companion publication to Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition.