Unit 1 P1 Information Security Governance
Information Security Governance
Percy A. Grisby II
Computer Ethics
March 7, 2015
Professor Sonya M. Dennis
Information Security Governance can be defined specifically as the methods and processes that an organization or business will utilize as a means of controlling their IT Security Management program. There is an important distinction which needs to be made however as governance should be considered as separate from IT Security Management as a discipline that is based around the need to identify and control risks. Governance is based around the need to ensure that relevant and approved people are authorized to take the necessary and appropriate actions as well as make the required decisions based on any …show more content…
Involvement The active involvement of senior managers and leaders should be highly visible in implementing the necessary framework and security program to ensure governance can easily be monitored and maintained. This should extend to the allocation of roles and responsibilities that will require all of those involved in such areas to be appropriately trained and qualified.
Accountability
Irrespective of their actual position, any individual who assumes responsibility in these areas will be considered to be accountable for their actions.
Communication
It is critical that the varying priorities of the organization with regards to Information Security will be communicated to all organizational stakeholders and across all parts of the
Percy A. Grisby II
Computer Ethics
March 7, 2015
Professor Sonya M. Dennis
Information Security Governance can be defined specifically as the methods and processes that an organization or business will utilize as a means of controlling their IT Security Management program. There is an important distinction which needs to be made however as governance should be considered as separate from IT Security Management as a discipline that is based around the need to identify and control risks. Governance is based around the need to ensure that relevant and approved people are authorized to take the necessary and appropriate actions as well as make the required decisions based on any …show more content…
Involvement The active involvement of senior managers and leaders should be highly visible in implementing the necessary framework and security program to ensure governance can easily be monitored and maintained. This should extend to the allocation of roles and responsibilities that will require all of those involved in such areas to be appropriately trained and qualified.
Accountability
Irrespective of their actual position, any individual who assumes responsibility in these areas will be considered to be accountable for their actions.
Communication
It is critical that the varying priorities of the organization with regards to Information Security will be communicated to all organizational stakeholders and across all parts of the