Abstract

As an educational resource for boards of directors, executive management and IT security professionals, the IT Governance Institute has designed and created a publication titled “Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition” [ITGI06]. This paper is based upon that publication. It begins with a definition of information security governance and its six basic outcomes: strategic alignment, risk management, resource management, performance measurement, value, and integration. It continues by presenting an information security governance framework that identifies the people components needed to develop a security strategy aligned with business objectives, together with their roles and responsibilities. A more detailed “must do” list is given for the two levels of executive management considered in this paper: the Board of Directors (or Trustees) and the Executive Committee (or Information Security Steering Committee). Finally, the relationships between the outcomes of effective information security governance and management directives are explained for each of the management levels involved.

Full Text
Paper version not known
