Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks
Considering fiduciary tenets, and accepting that information security governance (ISG) takes a top-down approach to legal compliance, if an entity’s executive management has an established or enforceable fiduciary duty, then organizational personnel are expected to adhere to and sustain that obligation. Consequently, employees are controlled primarily through policies and procedures that support compliance with laws and regulations. Employees who value compliance usually hold honesty and integrity as desirable personal traits, or they fear the repercussions of noncompliance. However, if an entity’s culture continually encourages or accepts achieving objectives over ethical behavior, legal dilemmas eventually ensue that can damage reputations and create financial losses. Therefore, an entity’s management should implement technology-related control self-assessment procedures that provide assurance of adherence to legal obligations.