2. Information security governance 

The first step in establishing adequate information security management within any organisation is the formulation and approval of an overall information risk governance strategy.

This chapter explains information security governance and gives an overview of the development, implementation and maintenance of a successful ISMS. Lead implementers need to be able to sell the concept of an ISMS to top management (e.g. the governing body of a university) and to the senior operational board in order to get them fully behind the initiative, and this section also describes how to do that effectively. It forms part of Stage 1 – Foundations and Stage 2 – Planning, assessment and evaluation in the Toolkit Route map.

 Key topics

  • The most critical components in the development, implementation and maintenance of a successful ISMS
  • How to use your organisational structure to give your ISMS the greatest possible chance of success
  • How to align your ISMS with your organisation’s business strategy

[PDF] Chapter 2 - Information security governance
[PDF] Resources for Chapter 2
