Welcome » IT Booklets » Information Security » Security Process » Governance
Governance is achieved through the management structure, assignment of responsibilities and authority, establishment of policies, standards and procedures, allocation of resources, monitoring, and accountability. Governance is required to ensure that tasks are completed appropriately, that accountability is maintained, and that risk is managed for the entire enterprise. Although all aspects of institutional governance are important to the maintenance of a secure environment, this booklet will speak to those aspects that are unique to information security. This section will address the management structure, responsibilities, and accountability.