Dated: 31-10-2024
Ch01. What is Information Security Governance
- Information security governance, in simpler terms, means effective management of the security program
- Responsibility for governance is associated with the Board and senior management
IT Governance Institute Definition
Security governance is the set of responsibilities and practices exercised by the board and executive management, with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly.
ISO 27001:2013 - ISMS (Information Security Management System)
It is the world's leading and most widely adopted security governance standard.
It provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
- Ten short clauses and a long Annex with 114 controls in 14 groups
- 27000+ certifications globally in 2015
Post Assessment
Responsibility for governance is associated with the Board and
- Junior management
- Middle management
- Senior management
- Junior staff
In terms of security governance, ISMS stands for
- Internal Security Management System
- Internet Security Management System
- Individual Security Management System
- Information Security Management System
The following is the set of responsibilities and practices exercised by the board and executive management, with the goal of providing strategic direction.
- Security governance
- Security Guide
- Security Breach
- Security hardening