Posted by: Robert Davis
CISM, Fiduciary Responsibility, Framework, Governance Tree, Information Security Governance, Information Security Management, ISG, ISM, Node, Stakeholder
Organizationally, governance is the system by which entities are directed and controlled. “Potential stakeholders usually rely upon governance elements prior to investing their time, talent, and/or money.” Leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance enabling the flow of stakeholder expectations to construct an effective ISG framework. Descriptively; ISG development echoes how an entity’s information security management team intends to accomplish the organizational safeguarding mission. Properly framed, ISG supports stakeholder expectations related to management’s explicit or implicit fiduciary responsibilities.
When framing governance, domains can be formed and connected through parent-child information relationships. Idiomatically, a technological hierarchical structure is often called a tree. It is composed of a set of elements known as nodes that are abstractively linked. However, dissimilar to biological trees, technological trees have an inverted germination base, where lower-level accessibility is only achieved through top-down paths to associated elements. Regarding architectural design, the ‘Governance Tree‘ paradigm currently has a ‘height’ of six (number of levels), a ‘moment’ of one-hundred-thirty-five (number of nodes), a ‘weight’ of one-hundred-twenty-eight (number of leaves), and a ‘radix’ of one (number of roots). Interpretively, present Governance Tree ‘dimensions’ enable describing managerial information and communication aspects permitting alignment of nodal families.