Information Security Governance: Guidance for Boards of Directors and Executive Managment, 2nd Edition

To achieve effectiveness and sustainability in today s complex, interconnected world, information security must be addressed at the highest levels of the organization, not regarded as a technical specialty relegated to the IT department

Organizations today face a global revolution in governance that directly affects their information management practices. Following the high-profile organizational failures of the past decade, legislatures, statutory authorities and regulators have created a complex array of new laws designed to force improvement in organizational governance, security, controls and transparency. Coupled with previous laws in these areas and information retention and privacy, these new laws and regulations, together with significant threats of information system disruptions from hackers, worm, virus perpetrators and terrorists create an unprecedented need for a governance approach to information management.

Information Security Governance: Guidance for Boards of Directors and Executive Management, first published in 2002, has been updated to reflect the changes in the environment, and to include many ideas and outcomes of those organizations that embrace good Information Security Governance.

This guide covers such issues as:

• What is information security governance?
• Why is information security important?
• Who should be concerned with information security governance?
• What should information security governance deliver?
• What can be done to successfully implement information security governance?