Posted by: Robert Davis
1.1 Control Environment
“…culture determines the behaviour of people in an organisation and should, therefore, be used to influence the behaviour of people with regard to information security.” – Kerry-Lynn Thomson and Rossouw von Solms
Most entities operate in an environment shaped by perceived stakeholder values; the entity’s mission, vision and values; community and organizational ethics and culture; applicable laws, regulations and policies; and industry practices. When interacting with that environment, organizational units endeavor to preserve their basic culture while attempting to control the external and internal factors that affect the programs, systems and processes dedicated to pursuing the entity’s mission. In systems theory this characteristic is known as dynamic homeostasis; in this context, ‘dynamic’ means that homeostasis is achieved even though the system is in a constant state of variable activity. Consequently, organizational units generally rely on adaptive processes to cope appropriately with changing environmental circumstances.