Posted by: Robert Davis
CISA, CISM, Concentrator, Decision Theory, Fiduciary Responsibility, Framework, Governance Tree, Information Security Governance, Information Security Management, Information Theory, ISG, ISM, Multiplexor, Node, Stakeholder
Abstraction levels are developed based on perceived usefulness. Second-tier Governance Tree information nodes can be viewed in the context of programs, systems, and processes. Pragmatically, establishment of entity-level governance is a second-tier concentrator within the Governance Tree model that focuses on creating an adequate control environment, institutionalizing risk assessments, providing fluid information and communication, ensuring performance monitoring and evaluation, as well as designing and implementing necessary activities. Governance Tree understanding enables abstraction for superior information security program deployment.
“View Part I of the Second-Tier Governance Development series here“