Information Security Governance


Revision as of 13:19, 22 November 2022

IT security governance is the system by which an organization directs and controls IT security (adapted from ISO/IEC 38500). It should not be confused with IT security management: management is concerned with making decisions to mitigate risks, while governance determines who is authorized to make those decisions. Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated; management ensures that controls are implemented to mitigate those risks. Management recommends security strategies; governance ensures that those strategies are aligned with business objectives and consistent with applicable regulations.

NIST describes IT governance as the process of establishing and maintaining a framework to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk.[1]


References

[1] What is Information Security Governance? internet2.edu, https://spaces.internet2.edu/display/2014infosecurityguide/Information+Security+Governance