Governance and Monitoring

The Control Objectives for Information and related Technology (COBIT) 5.0 framework defines governance thus: “Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives.”

Governance policy ensures that policies are used, adopted, and effective. To monitor policy adoption and effectiveness, organizations should create a governance policy committee, usually made up of security teams and business-side leaders. Typically, governance is organized around a series of regularly scheduled committee meetings. A policy ...

Get Security Policies and Implementation Issues, 3rd Edition now with the O’Reilly learning platform.
