The IT Governance Institute (ITGI) has released new guidance in the US for information security governance, following input from international information security experts.
‘Information Security Governance: Guidance for Information Security Managers’ outlines key security tasks across several areas, including strategic alignment, risk management, value delivery, performance management, resource management and process assurance.
For each aspect, the new publication provides indicators for correct performance. It also includes actions that boards of directors and executive management can take to ensure effective governance over information security.
“As with any other business-critical activity, information security programme activities must be thoroughly planned, effectively executed and constantly monitored at the highest levels of the organisation,” comments Krag Brotby, member of the ISACA (Information Systems Audit and Control Association) CISM (certified information security manager) test enhancement committee and author of the ITGI publication.
“Failure to do so can cause significant financial losses or reputation damage – as many companies have learned the hard way. Information security is truly one of those areas in which preparation is infinitely more valuable than remediation.”
The new publication is available from the ISACA bookstore as a companion to ‘Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition’.