CHAPTER 5: INFORMATION SECURITY GOVERNANCE

In today’s corporations, information security professionals have a lot on their plate. While facing constantly evolving cyber threats, they must comply with numerous laws and regulations, protect the company’s assets and mitigate risks to the furthest extent possible. In order to successfully address these concerns, they must first establish desired practices which form the basis of company policies.

In a traditional sense, a policy is a document that provides a high-level overview of how company processes should operate in a secure manner. It defines the goal of the information security programme, which in turn supports the business strategy and vision. It also serves a number of other purposes such ...
