New Guidance Helps CEOs and Boards Fulfill Responsibility for Information Security
Rolling Meadows, IL, March 29, 2006 -- While organizations can survive the loss of most assets, such as facilities and equipment, few can recover from the loss of critical information, including financial or customer data. To effectively protect this critical asset, information security must be addressed at the highest level of the organization, by boards of directors and chief executive officers (CEOs).
To help boards and CEOs fulfill their growing information security responsibilities, the nonprofit IT Governance Institute released today the second edition of Information Security Governance: Guidance for Boards of Directors and Executive Management, sponsored by Unisys and available as a complimentary download at www.itgi.org. A related slide presentation, Top Actions for Security Managers, is available as a complimentary download at www.isaca.org/topactions.
"Information security is a critical business issue that can improve reputation and trust, as well as efficiency by avoiding wasted time and effort recovering from a security incident," said Everett Johnson, CPA, international president of the IT Governance Institute. "It's not something that can be relegated to the IT department."
The updated guidance includes actions that boards and executive management can take to ensure effective information security governance. An easy-to-read laminated card is included that lists information security governance responsibilities, the benefits of information security governance, and the 15 elements of a comprehensive security program. The card also notes five positive outcomes of a successful information security program:
- Information security is aligned with business strategy to support the business.
- Risks are managed to reduce impacts on information.
- Resources are managed by using information security knowledge and infrastructure effectively and efficiently.
- Information security governance metrics are used to measure, monitor and report progress.
- Information security investments deliver value to the business.
"With increasing globalization, privacy compliance issues, regulatory requirements and the risk of security breaches, organizations are evolving in their thoughts about information security," said Krag Brotby, author of the publication. "Boards of directors and executive management are realizing that information security can deliver real value to the organization and are incorporating information security governance into their overall enterprise governance programs."
Copyright 2006. Taylor & Francis Group. All rights reserved.