News

Six Principles for Building Engaged Security Governance

Steve Durbin
Published 15 - March - 2023
Read the full article on TechTarget
techtargetgovernance

Security governance isn’t enough. Enter engaged security governance — an ongoing process that aligns business strategy with security across an organization.

Information security governance is a system that helps organize and direct dedicated security resources. It influences how goals are set and achieved, how cyber-risks are monitored and assessed, and how security performance is evaluated. Security governance also encompasses the history, structure, internal politics and culture of an organization.

In today’s organizations, security governance isn’t enough. They need “engaged governance.” Learn about engaged governance and six principles that organizations should implement.

The need for engaged governance

Different organizations have different levels of security governance maturity. Some might be at the low end, where only the security function is concerned with governance and the rest of the company doesn’t acknowledge its presence. Others might be at the higher end, where governance helps shape the entire organization, its culture, its decisions and the way business is conducted. Most organizations probably fall somewhere in the middle. They see potential in governance for guidance and to help reassure the business, enabling them to face risks head on and prosper despite them.

Regardless of where one is on the maturity spectrum, good security governance is difficult to achieve. Organizations are dynamic entities, trying to survive in an uncertain and unpredictable world, with many conflicting tactical and strategic priorities. It’s also challenging for security practitioners to take governance to a state where it can evolve easily.

This is where “engaged governance” comes in. Engaged governance is a proactive and continuous effort to align security to business strategy. This means security practitioners must do the following:

  • Make a regular effort to understand how the organization works — its evolving goals, mission, purpose, and values.
  • Collaborate with stakeholders.
  • Draw up plans and policies that serve the broader strategy.
  • Deploy programs that embed appropriate secure behaviours.

Principles for building engaged governance

Six core components can help nurture and develop maturity in a security governance program.

 

SUPPORTING CONTENT

VIEW ALL NEWS ARTICLES
Array
podcast

How Governance Can Guide the CISO

Director of Cyber Security Governance at Danone, Lies Alderlieste, offers advice to security leaders embarking on a governance journey.

Listen Now on How Governance Can Guide the CISO
Array
tool

Standard of Good Practice for Information Security

An internationally recognised set of good practice covering all aspects of cyber resilience, cloud security and information risk management.

Read more on Standard of Good Practice for Information Security
Array
service

Controls, Policies and Standards Support

Develop, validate and improve your security controls and policies to create standards that staff across the business can easily follow.

GET IN TOUCH on Controls, Policies and Standards Support
Six Principles for Building Engaged Security Governance
Read the full article on TechTarget