Information Security Governance Papers

Paper Title: Information Security Governance for Executive Management

Abstract: As an educational resource for boards of directors, executive management and IT security professionals, the IT Governance Institute has designed and created a publication titled "Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition" [ITGI06]. This paper is based upon that publication. It begins with a definition of information security governance and its six basic outcomes: strategic alignment, risk management, resource management, performance measurement, value delivery and integration. It continues by presenting an information security governance framework that identifies the people needed to develop a security strategy aligned with business objectives, together with their roles and responsibilities. A more detailed "must do" list is given for the two levels of executive management considered in this paper: the board of directors (or trustees) and the executive committee (or information security steering committee). The relationships between the outcomes of effective information security governance and management directives are explained for each management level involved.

In conclusion, the success of an information security program rests on the willingness of top management to stress its importance, to act in line with the principles enacted in policies, on the precision in which security responsibilities are assigned, on the effectiveness of security training, and on the attitudes and daily practices of every man and woman of the organization. Every level of management, starting with the board of directors, must play a vital role in this effort.
Web Link: http://www.springerlink.com/content/l4w57872x03456h4/?p=9328c17f82e248da89bceaffc32aaed6&pi=18
