While organizations can survive the loss of most assets, such as facilities and equipment, few can recover from ths loss of critical information, including financial or customer data. To effectively protect this critical asset, information security must be addressed at the highest level of the organization, by boards of directors and chief executive officers (CEOs).
To help boards and CEOs fulfill their growing information security responsibilities, the nonprofit IT Governance Institute released today Information Security Governance: Guidance for Boards of Directors and Executive Management, 2 nd Edition, sponsored by Unisys and available as a complimentary download at www.itgi.org.
The updated guidance includes actions that boards and executive management can take to ensure effective information security governance. An easy-to-read laminated card is included that lists information security governance responsibilities, the benefits of information security governance, and the 15 elements of a comprehensive security program. The card also notes five positive outcomes of a successful information security program:
– Information security is aligned with business strategy to support the business.
– Risks are managed to reduce impacts on information.
– Resources are managed by using information security knowledge and infrastructure effectively and efficiently.
– Information security governance metrics are used to measure, monitor and report progress.
– Information security investments deliver value to the business.
In addition to the complimentary PDF, a print version of the publication is available for purchase from the ISACA Bookstore.