Information Security Governance Description

1130 Words5 Pages
In a company, a senior management needs to address management tasks and have an information security governance. The information security governance (ISG) is a way for a company to protect information in the information systems. According to Grama, the responsibility of the ISG falls on the executive management team to protect the information assets, (p. 373, 2011). The company will need to have its information security goals align with its business needs to help protect information. For example, a company needs to make a profit to stay in business and it should include goals to protect information from hackers. If a company gets a reputation of having security breaches, people would not want to do business with the company and they would lose profits. The CIA triad of confidentiality, integrity, and availability can be used by the ISG to meet the goals. Confidentiality is to protect information by allowing the correct people to have the permissions to access and use information. Integrity makes for the information is accurate and changes cannot be made to the information without the correct permission. Availability is making sure the information systems are always up and that information can be accessed. There are many tasks that senior management needs to address such as to make sure everyone understands the needs for the security of information to be governed. This can be done by informing the board and other senior management who may not be as familiar with information systems, how the threats and damage form the threats can disrupt operations and profits in the company. Another task for senior management to help with the development of the security framework by creating policies, standards, procedures, and guidelines. Thes... ... middle of paper ... ... also need to address external governance in which the company needs to include into their own to conduct business with other companies. A training program will need to be put in place and approved by management and the training program would be easy for employees to understand. Works Cited Grama, A. (2011). Legal issues in information security. (p. 373). Burlington, MA: Jones & Barlett Learning. Schreier, Jason. (2011 May 23). Sony estimates $171 million loss from PSN hack. Retrieved from http://www.wired.com/gamelife/2011/05/sony-psn-hack-losses/ Tung, L. (5 March 2014). IT security governance: boards must act. Retrieved from http://www.zdnet.com/it-security-governance-boards-must-act-7000026336/ Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 232). Boston, MA: Cengage Learning.
Open Document