8

GOVERNANCE

There is no shortage of definitions for governance, especially within the security industry. They can range from executive oversight committees to policy enforcement. Nevertheless, the one provided by the Information Systems Audit and Control Association (ISACA) stands out and reflects the general purpose and role of governance within the Adaptive Security Management Architecture (ASMA):

Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

Admittedly, the supporting elements as defined by the ISACA do not necessarily explore the potential of governance in the security space to the level the ASMA will. Nevertheless, the definition above is quite ...
