Posted by: Robert Davis
CISM, Decision Theory, Fiduciary Responsibility, Framework, Governance Tree, Information Security Governance, Information Security Management, Information Theory, ISG, ISM, Node, Stakeholder
Organizational units exist for various reasons. Threading from the first-tier Governance Tree level, linked leaves are inextricably affected by external forces. An organizational formation’s continuity depends on relevant, accurate and timely external environment information assessments to drive appropriate governance. Management, especially information security management, can not establish an adequate safeguarding posture unless root expectations are understood and potential threats, weaknesses as well as opportunities are appropriately redressed. Applying the described Governance Tree framework allows methodological, value driven consideration, development and deployment of aligned programs that positively impact control environment awareness and subsequent resource allocation decisions.
“View Part I of the First-Tier Governance Development series here“