Posted by: Robert Davis
Framework, Governance Tree, Information Security Governance, Information Security Management, Information Security Processes, ISG, ISM, ITG, Methodology
If you envision ISG as a framework servicing entity and ‘IT governance‘, then structurally, ISG should be implemented as an organizational program with objectives, goals, policies, procedures, standards, and rules designed to accomplish management’s intentions. To drive safeguarding controls, ISG should receive ‘significant program’ status because other entity and IT programs are directly impacted by ISG effectiveness. Furthermore, efficiency of controls should be obtained through models available to assist in deploying ISG.
“View Part I of the Supporting ISG Deployment series here“