Making Cybersecurity Effective: The Five Governing Principles for Implementing Practical IT Governance and Control

Abstract

With any complex project deployment, a clearly understood and reliable infrastructure can only be substantiated through a rational and explicit planning process. This planning process is often described as information technology (IT) governance. Governance-based control infrastructures are valuable and can provide the basis for control over every form of organizational resource. Given the level of sophistication of malicious agents, an information and communication technology management control system with even one hole in it is a business catastrophe waiting to happen. Strong executive sponsorship is the prerequisite for effective IT governance and the proper way to establish information security is to engineer an array of interlocking best practices, from a commonly accepted model of best practice. Organizations must define substantive policies, assign roles and responsibilities, educate employees and describe and enforce accountability. This paper presents an understanding and mastery of five strategic principles of cybersecurity best practices based on the Framework for Improving Critical Infrastructure Cybersecurity (CSF).