If, however, you assume ISG provides financial and/or reputational benefits, potential stakeholders are presumed to rely upon governance elements prior to investing their time, talent, and/or money. Therefore, ascertaining the effectiveness and efficiency of entity-centric information security objectives, through adequate monitoring, is rudimentary to sound business practices for satisfying stakeholder safeguarding expectations. In this regard, effectiveness and efficiency evaluation requires measurement against established standards. The performance measures should be established when standards are created or adopted. Techniques utilized for ISG implementation include: maturity modeling, budgeting, benchmarking, and gap analysis. Base on the perceived opportunity for enrichment, with provable risk reductions, publicized superior ISG deployment may attract additional investors.
“View Part I of the Supporting ISG Deployment series here“