Posted by: Robert Davis
Governance usually occurs at different organizational strata: procedures are tailored for processes, processes link up to systems, and programs receive objectives from the entity’s oversight committee through established reporting lines. Alternatively or simultaneously, designated technological resources may provide information directly to the entity’s oversight committee for critical programs, systems, or processes. In short, these connectivity approaches will not be effective unless approved plans, as well as organized strategic objectives and goals, have first been conveyed within the entity’s organizational structure. Therefore, management should govern the safeguarding of information assets through an ‘objectives-based’ security program, or risk excessive incidents that may impact financial stability, customer loyalty and/or employee morale.