Security Governance Principles

Evaluate and Apply Security Governance

  • Security governance

    • Collection of practices related to supporting, defining and directing the security efforts of an organization

    • Goal - maintain business processes while striving for growth and resiliency

    • Implementation of a security solution and a management method that are tightly interconnected

  • Control Objectives for Information and Related Technology (COBIT)

    • A documented set of IT security best practices

    • Five key principles for governance and management of enterprise IT

      • Principle 1: Meeting stakeholder needs

      • Principle 2: Covering the enterprise end-to-end

      • Principle 3: Applying a single, integrated framework

      • Principle 4: Enabling a holistic approach

      • Principle 5: Separating governance from management

Security Framework References


Other Standards and Guidelines

