Enterprise Governance

Accessing the Online Content

With this book, you get unlimited access to web-based CISM exam prep tools which include practice questions, flashcards, exam tips, and more. To unlock the content, you'll need to create an account using your unique sign-up code provided with this book. Refer to the Instructions for Unlocking the Online Content section in the Preface on how to do that.

If you've already created your account using those instructions, visit this link http://packt.link/cismexamguidewebsite or scan the following QR code to quickly open the website. Once there, click the Login link in the top-right corner of the page to access the content using your credentials.

Governance is an important aspect of the certified information security manager (CISM) exam. In simple terms, governance means a set of policies, procedures, and standards used to monitor and control an activity. Enterprise governance refers to policies, procedures, and standards put in place to monitor an entire organization. Information security governance is a subset of overall enterprise governance, and its objective is to monitor and control activities related to information security.

In this chapter, you will gain an overview of information security governance and understand the impact of good governance on the effectiveness of information security projects.

You will learn about how organizational structure and culture impact information security governance and details about the various roles and responsibilities of the security function. You will also be introduced to the best practices for implementing information security governance.

This chapter will cover the following topics:

• Importance of Information Security Governance
• Organizational Culture
• Legal, Regulatory, and Contractual Requirements
• Retention of Business Records
• Organizational Structure
• Maturity Model
• Governance of Third-Party Relationships
• Information Security Governance Metrics