Chapter 8

Governance

Abstract

Security governance is the combined set of tools, personnel, and processes that provide for formalized risk management. It includes organizational structure, roles and responsibilities, metrics, processes, and oversight, as it specifically impacts the security program. While governance is embodied in a set of documents, specifically standards, guidelines, policies, and procedures, to have an effective security program, the appropriate resources need to be allocated, as defined within the governance.

Without the formalization, and especially the implementation of governance, a security program is an accident. It would otherwise rely upon having the appropriately skilled people running the program, who are allocated the ...

Source: Advanced Persistent Security (O'Reilly).