Information Security Governance

Information security governance is a part of governance, risk and compliance (GRC).

Information security should take into account the organization's objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined.

Information security governance covers:

A business process assessment (BPA) evaluates the efficiency of an organization’s processes and identifies opportunities for improvement.

IT Security Program

An information security program (ISP) defines the activities that enable information security within an organization. To know more about the ISP, please read this post.

IT Security Framework

IT security frameworks

Information Security Policy Framework

An IT security policy framework consists of a set of documents that define, guide or outline the IT security processes within an organization.

An information security policy framework may be a component of an IT security framework.

IT Security policy framework

IT Security Architecture Framework

IT security architecture framework

Process Improvement Frameworks

You can read about process improvement frameworks, like CMMI, SAMM or IDEAL, in this post.

Due Diligence and Due Care

The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard.

Due care is the continued application of the security structure onto the IT infrastructure of an organization.

The due diligence principle states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner. It is more specific than the due care principle.

It implies establishing a plan, policy, and process to protect the interest of an organization.

Information Security Indicators

You can read this post about information security indicators.
