Governing Information Security

As the security posture of the incorporated entity takes shape, the need arises to integrate it with other corporate activities and structures. Inevitably, this question is asked sooner or later (we prefer the sooner option!):

How do I direct and control information security?

Our answer to this question is the Information Security Governance Framework.

Following a classical corporate governance structure, the framework addresses both compliance-related and performance-related activities. It also highlights the orientation of those activities (past, present and future) and addresses the nature of the roles and activities (external-facing and internal-facing).

The framework draws a clear demarcation line between governance and management, and is based on five "Points of View". These Points of View are:

The sixth "View" establishes the link from governance to management.


The diagram below depicts these views:



This framework is the flagship product of Performance Resources. It contains the latest results of our research in this field and is updated regularly. We believe that we present some advanced thinking and extend existing knowledge in this area of corporate governance.

Using this framework is beneficial (apart from the obvious benefit of having cutting-edge thinking employed), because

For relevant capabilities please read the Governance and Performance Metric Creation sections in the Consulting category here, and the Temporary CISO... section in the Management category here.

If we can assist you in any way, please feel free to contact us for further information. Our consultants will be happy to assist you with your enquiry.
