
83
8Chapter
Information Security
Governance
Governance is defined by the Information Security and Control Association
(ISACA) as
e set of responsibilities and practices exercised by the board and execu-
tive management with the goal of providing strategic direction, ensuring
that objectives are achieved, ascertaining that risks are managed appropri-
ately and verifying that the enterprise’s resources are used responsibly.
1
e Organization for Economic Co-operation and Development (OECD) in its
1999 publication “OECD Principles of Corporate Governance” adds the require-
ment that governance includes the “structure through which the objective ...