Information Security Governance: Guidance for Information Security Managers
- 1h 12m
- W. Krag Brotby
- ISACA
- 2008
This book discusses how to develop an information security strategy within an organization’s governance framework and how to drive that strategy through an information security program. It provides guidance on determining information security objectives and how to measure progress toward achieving them. It is an exposition on the rationale and necessity for senior management to integrate information security into overall organizational governance at the highest levels. It provides information, developed in recent years, that mandates a business case for information security governance.
For continuity and clarity, some of the information from the companion publication, Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition, is summarized in this document, a review of that publication is recommended for an understanding from a high-level strategic governance perspective.
In this Book
-
Information Security Governance—Guidance for Information Security Managers
-
Introduction
-
Information Security Governance Guidance
-
Information Security Programme Requirements
-
Roles and Responsibilities
-
What the Board, Executive Management and Security Management Should Do
-
Information Security Metrics and Monitoring
-
Establishing Information Security Governance
-
Information Security Objectives
-
Strategy
-
The Strategy
-
Action Plan
-
Action Plan Intermediate Goals
-
Establishing Information Security Governance—An Example Using the ITGI and COBIT Maturity Scale
-
Conclusion
-
Critical Success Factors for Effective Information Security
-
Self-assessment and Maturity Model
-
A Generic Approach to Information Security Initiative Scoping
-
An Approach to Information Security Metrics
-
Glossary
-
References
-
Other Publications
YOU MIGHT ALSO LIKE
PEOPLE WHO VIEWED THIS ALSO VIEWED THESE
