Information Security Governance

Introduction

Information security governance combines security programs with governance methods. Every organization requires the robust deployment of an Information Security Governance program comprising regulatory requirements and threat profiles. It is the set of responsibilities that the board and executive management are meant to exercise to provide strategic direction to the organization (Harris, n.d.).

Discussion

Theoretical Aspects

Theoretically, information security is based on the technological and procedural features of an organization together with the people involved. The major concern is the security of the organization's data and information, which is highly confidential. This concern calls for a combination of measures including passwords, firewalls, and biometrics; in particular, the aspects of compliance, leadership, and training should be considered (Veiga & Eloff, 2007).

Practitioner Perspective

Management is supposed to implement policies and technical security measures among employees and their interactions in the workplace. Employees within the organization are found to be involved in security incidents; for example, they share the company's passwords with others, which could be a great source of danger to the organization's information assets. Therefore, the organization must govern its information security to ensure an adequate level of security within and outside the organization (Veiga & Eloff, 2007).

It includes information security policy and awareness, risk analysis, and technical controls. It helps the organization assess its plan and deploy a new, appropriate plan according to current needs. It also includes people-oriented components for cultivating information security while minimizing the level of risk (Veiga & Eloff, 2007).

Examples

Information security governance is similar to home security. A person may address every security concern by burglar-proofing all the windows but leave the door unlocked; that behavior leaves all the security policies ineffective. Similarly, organizations take the utmost care regarding the security of data assets, but users and employees must also be governed so that they do not misuse company rights (Veiga & Eloff, 2007).

PROTECT:

It is an acronym for Policies, Risks, Objectives, Technology, Execute, Compliance, and Team. It is a comprehensive approach to security governance in accordance with the research of Eloff. This approach aims to reduce risk and increase efficiency in the organization by managing several integrated controls. These seven components assure security from the perspective of technology as well as people (Veiga & ...