The first step in establishing adequate information security management within any organisation is the formulation and approval of an overall information risk governance strategy.
This chapter explains information security governance and gives an overview of the development, implementation and maintenance of a successful ISMS. Lead implementers need to be able to sell the concept of an ISMS to top management (e.g. the governing body of a university) and to the senior operational board in order to get them fully behind the initiative. This chapter also describes how to do that effectively. It forms part of Stage 1 – Foundations and Stage 2 – Planning, assessment and evaluation in the Toolkit Route map.
Chapter 2 - Information security governance
Resources for Chapter 2