Section 11.96 Governance Flashcards

Objectives 5.1 Summarise elements of effective security governance. Objectives 5.4 Summarise elements of effective security compliance.

1
Q

Governance

A

■ Part of the GRC triad (Governance, Risk, and Compliance)

The strategic leadership, structures, and processes ensuring IT aligns with business objectives and regulatory requirements. This framework includes the rules, responsibilities and practices that guide an organisation in achieving its goals and managing its IT resources.

Involves risk management, resource allocation, and performance measurement

2
Q

Purpose of Governance

A

Establishes a strategic framework aligning with objectives and regulations

■ Defines rules, responsibilities, and practices for achieving goals and managing IT resources

3
Q

4 points

Influence on IT Components

A

■ Shapes guidelines for recommended approaches in handling situations

■ Drives policy development, outlining organizational commitments (e.g., data protection)

■ Impacts standards, defining mandatory rules for policy adherence

■ Ensures procedures align with objectives, providing task-specific guidance

4
Q

Adaptation and Revision

A

Governance must adapt to technological advancements, regulatory changes, and industry culture shifts

■ Monitoring evaluates governance effectiveness and identifies gaps through reviews

■ Revision updates governance framework
