UNIT 2 WEEK 2

Elements of the Information Security Governance framework

Information security governance is described as "a subset of enterprise governance that provides strategic direction, ensures that objectives are met, manages risk appropriately, uses organizational resources responsibly, and monitors the success or failure of the enterprise security program" by the Information Systems Audit and Control Association (ISACA). The governance of information security is a component of enterprise governance. Its responsibilities include providing strategic direction, ensuring that objectives are met, managing risk appropriately, making responsible use of organizational resources, and monitoring the success or failure of the enterprise security program.

Strategy

It is of the utmost importance that the objectives of an organization and the protection of its information be compatible with one another. It is vital that IT strategic plans encompass both the current demands of the company and the expectations that are anticipated to arise in the future (Haufe, 2019). Governance of information security is performed with the intention of bringing the objectives of a company, its business activities, and its IT projects into congruence with one another.

Implementation

In order to properly implement policies and procedures for managing controls within a given framework, a few essential components must be present first and foremost. These include dedication, resources, task assignment, and commitment. The organization will not be able to carry out the implementation of the program if senior management does not support it.

Operation

It is of the utmost significance to recognize and successfully manage both operational and technological risks, to carry out projects that are in line with your overall plan, and to have a suitable amount of resources available to you at all times.

Monitoring

Metrics and monitoring assist management in making decisions that are better informed, which paves the way for proactive deployment of information security measures, documentation of the effectiveness of the program, and resolution of any compliance concerns that may come up in the future.

Integrity

The terms "integrity" and "preciseness" are commonly used interchangeably when talking about the protection of sensitive information. Security measures that place an emphasis on data integrity are designed to prevent unauthorized parties from corrupting or otherwise misusing the data (Haufe, 2019). When a data set's dependability and consistency are preserved throughout the entirety of its life cycle, we say that the data set has integrity. The data must not be altered in any way while it is being sent, and the required safety procedures must be taken to prevent unauthorized users from altering the data in any way.

Reference

Haufe, K., Colomo-Palacios, R., Dzombeta, S., & Brandis, K. (2019). A process framework for information security management. International Journal of Information Systems and Project Management, 4(4), 27-47.