IT Governance, Risk, and Compliance

Mar 23 2013   5:34PM GMT

Revisiting the Safeguarding of Information Assets – Part I

Robert Davis

Information Security Governance (ISG) normally addresses creating and implementing a ‘system of security controls’ that enables management to fulfill its ethical and/or legal responsibilities for information assets protection (IAP). Ethically, management must protect an entity’s information assets from potential external and internal threats that may compromise confidentiality, integrity, and availability (C-I-A), in order to preserve organization, presentation, and utilization value. Legally, within an entity’s information security control system, management as a fiduciary agent is explicitly or implicitly responsible and accountable for deploying the controls that laws and regulations mandate to prevent, deter, detect and/or correct privacy breaches. Furthermore, laws and regulations may also mandate that C-I-A requirements be implemented within an entity, with the attendant managerial fiduciary responsibilities and accountabilities.


Brotby, Krag W. Information Security Governance: Guidance for Boards of Directors and Executive Management. 2nd ed. Rolling Meadows, IL: IT Governance Institute, 2006. (accessed April 21, 2008).
