Posted by: Robert Davis
Governance definitional phrases typically embrace language explaining relationships and incentives among ‘oversight committee’ members, senior executives, and ‘stakeholders’, resulting in financial accountability, transparent responsibility, and assertion reliability. Exercising effective governance throughout an entity requires that the top-level oversight committee and senior executives have an unambiguous understanding of what to expect from programs, systems, and processes. An entity’s oversight committee and senior executives should be equipped to direct resource deployments, evaluate the entity’s status regarding existing plans, and determine strategies as well as objectives for effective and efficient programs. Foundationally, organizational information and communication rely on a hierarchical data structure, with the parent node (commonly designated as an entity’s ‘Tone at the Top’) connecting to offspring to drive cohesiveness.
“View Part I of the Second-Tier Governance Development series here”