This lesson will cover information security governance within the role of the CISO. Information security governance is the set of responsibilities and practices implemented by the board and senior management for protecting the confidentiality, integrity, and availability (C-I-A) of information. Information security governance should, therefore:
- Provide long-term goals and short-term objectives
- Include metrics by which to determine success
- Be based on sound risk management principles
- Ensure that the enterprise's resources are used appropriately
- Require an in-depth understanding of the value of an organization's information
Ultimately, responsibility for information security must rest with the organization's executive level. Information security is an executive responsibility because:
- If an organization's senior management, including the board of directors, senior executives, and all managers, does not establish and reinforce the business need for effective enterprise security, the organization's desired state of security will not be articulated, achieved, or sustained
- To achieve a sustainable capability, organizations must make enterprise security the responsibility of leaders at the governance level, not of other organizational roles that lack the authority, accountability, and resources to act and to enforce compliance
Security is a non-negotiable aspect of the business environment: an organization that does not protect its information will not stay in business.