Governance usually occurs at different organizational strata, with procedures tailored for processes, with processes linking up to systems, and programs receiving objectives from the entity’s oversight committee through established reporting lines. Alternatively or simultaneously, designated technological resources may provide information directly to the entity’s oversight committee for critical programs, systems, or processes. Summarily, these connectivity approaches will not be effective unless approved plans as well as organized strategic objectives and goals have first been conveyed within the entity’s organizational structure. Therefore, management should govern safeguarding information assets through an ‘objectives-based’ security program or risk excessive incidents that may impact financial stability, customer loyalty and/or employee morale.
“View Part I of the Second-Tier Governance Development series here“