Posted by: Robert Davis
Chapter 1: Information Security Governance
“The information possessed by an organization is among its most valuable assets and is critical to its success. The Board of Directors, which is ultimately accountable for the organization’s success, is therefore responsible for the protection of its information. The protection of this information can be achieved only through effective management and assured only through effective board oversight.” – A Call to Action for Corporate Governance, March 2000
Most entities actively seek to maximize stakeholder return on investment and to foster superior customer relations in order to sustain the justification for their creation. Because information technologies are considered indispensable to providing processing efficiency, communication expediency and information reliability for stakeholders and customers, entities need to adequately safeguard their information assets, which have measurable value. To meet this security need, management normally requires a governance framework that enables organizational alignment, judicious resource allotment, risk management, value delivery and performance measurement.