New guidance helps CEOs and boards fulfill responsibility for Information Security

Rolling Meadows, IL, USA, 27 Mar 2006

While organizations can survive the loss of most assets, such as facilities and equipment, few can recover from the loss of critical information, including financial or customer data. To effectively protect this critical asset, information security must be addressed at the highest level of the organization, by boards of directors and chief executive officers (CEOs).

To help boards and CEOs fulfill their growing information security responsibilities, the nonprofit IT Governance Institute released today Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition, sponsored by Unisys and available as a complimentary download at www.itgi.org.

"Information security is a critical business issue that can improve reputation and trust, as well as efficiency by avoiding wasted time and effort recovering from a security incident," said Everett Johnson, CPA, international president of the IT Governance Institute. "It's not something that can be relegated to the IT department."

The updated guidance includes actions that boards and executive management can take to ensure effective information security governance. An easy-to-read laminated card is included that lists information security governance responsibilities, the benefits of information security governance, and the 15 elements of a comprehensive security program. The card also notes five positive outcomes of a successful information security program:

1. Information security is aligned with business strategy to support the business.

2. Risks are managed to reduce impacts on information.

3. Resources are managed by using information security knowledge and infrastructure effectively and efficiently.

4. Information security governance metrics are used to measure, monitor and report progress.

5. Information security investments deliver value to the business.

"With increasing globalization, privacy compliance issues, regulatory requirements and the risk of security breaches, organizations are evolving in their thoughts about information security," said Krag Brotby, author of the publication. "Boards of directors and executive management are realizing that information security can deliver real value to the organization and are incorporating information security governance into their overall enterprise governance programs."

In addition to the complimentary PDF, a print version of the publication is available for purchase from the ISACA Bookstore (www.isaca.org/bookstore). A related slide presentation, Top Actions for Security Managers, is available as a complimentary download at www.isaca.org/topactions.

ITGI

The IT Governance Institute® (ITGI) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise's information technology. Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risks and opportunities. The IT Governance Institute developed Control Objectives for Information and related Technology (COBIT) and offers original research and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.

Unisys

Unisys is a worldwide technology services and solutions company. Our consultants apply Unisys expertise in consulting, systems integration, outsourcing, infrastructure and server technology to help our clients achieve secure business operations. We build more secure organizations by creating visibility into clients' business operations. Leveraging Unisys 3D Visible Enterprise, we make visible the impact of their decisions - ahead of investments, opportunities and risks. For more information, visit www.unisys.com.
