IT Governance, Risk, and Compliance

Dec 15 2012   12:05AM GMT

eBook excerpt: Assuring Information Security – Part II

Robert Davis

Instituting and/or sustaining ISG requires comprehensive planning and organizing; robust acquisitions and implementations; effective delivery and support; as well as continuous monitoring and evaluation to address the myriad of managerial, operational, and technical issues that can thwart satisfying an entity’s mission.  Consequently, “[i]nformation security requires a balance between sound management and applied technology.”  Sound management enables assuring adequate asset safeguarding, while applied technology can introduce efficiencies for addressing potential external or internal threats.

Planning and organizing is imperative to managerial cohesiveness.  ISG usually occurs at different organizational strata, with team leaders reporting to and receiving direction from their managers, with managers reporting up to an executive, and the highest-level executive conferring with and receiving direction from the entity’s oversight committee.  Information that indicates deviation from targets will usually include recommendations for action requiring endorsement by the entity’s oversight layer.  Transparently, this approach is ineffective unless strategies, objectives and goals have first been developed and deployed within the entity’s organizational structure.
