Chapter 1: Information Security Governance
“The information possessed by an organization is among its most valuable assets and is critical to its success. The Board of Directors, which is ultimately accountable for the organization’s success, is therefore responsible for the protection of its information. The protection of this information can be achieved only through effective management and assured only through effective board oversight.” – A Call to Action for Corporate Governance, March 2000
Most entities actively seek to maximize stakeholder return on investments and to foster superior customer relations in order to sustain the justification for their creation. Because information technologies are considered indispensable to providing processing efficiency, communication expediency and information reliability for stakeholders and customers, entities need to adequately safeguard information assets, since these assets have measurable value. To meet this security need, management normally needs a governance framework that enables organizational alignment, judicious resource allocation, risk management, value delivery and performance measurement.