Abstraction levels are developed based on perceived usefulness. Second-tier Governance Tree information nodes can be viewed in the context of programs, systems, and processes. Pragmatically, establishment of entity-level governance is a second-tier concentrator within the Governance Tree model that focuses on creating an adequate control environment, institutionalizing risk assessments, providing fluid information and communication, ensuring performance monitoring and evaluation, as well as designing and implementing necessary activities. Governance Tree understanding enables abstraction for superior information security program deployment.
“View Part I of the Second-Tier Governance Development series here“