Information Security Governance

profilelogistics

 

The NIST Security Handbook states that governance is highly dependent on the overall organization structure.

  • Centralized structures maintain budget control and ensure implementation and monitoring of information security controls.
  • Decentralized structures have policy and oversight responsibilities, and budget responsibilities for their departmental security program, not the operating unit information security program.
  • Reporting structures are different as well.
  • Governance structures can be hybrid, with a combination of characteristics from both centralized and decentralized structures.

Discuss why Security Governance should use the stated structures. Provide a simple case study in which an organization can benefit from such controls. Do you think all organizations follow this principle?


