{"title":"Important of security governance, its dependence on other forms of governance, and its diverse application among industries","authors":"U. Shah","doi":"10.1145/2670739.2670742","DOIUrl":null,"url":null,"abstract":"This paper will discuss the different levels of governance and their relationship to each other---specific to information security. It will indicate the implications that corporate and IT governance have on security governance. The main priority of this paper will be to concentrate on three forms of governance that impact an organization---corporate governance, information technology governance, and information security governance. Specifically, how corporate and IT governance impact the success of information security governance. The paper will indicate the roles and goals of each form of governance and how they ultimately build to information security governance. It will also entail the methodologies used to implement good governance within an organization to understand how that impacts security governance. Upon reading this paper, the value and importance of governance will be visible. There is a varying degree of differences with the application and goals of security governance based on the industry---this will be discussed with an evaluation of four very different industries---the biotechnology, e-learning, healthcare, and the retail industry. 
Comparing such different industries will help to understand the wide range of variability involved in discovering the purpose and implementation of Information Security Governance.","PeriodicalId":331424,"journal":{"name":"Proceedings of the 2014 Information Security Curriculum Development Conference","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2014 Information Security Curriculum Development Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2670739.2670742","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
This paper will discuss the different levels of governance and their relationship to each other, specific to information security. It will indicate the implications that corporate and IT governance have on security governance. The main priority of this paper will be to concentrate on three forms of governance that impact an organization: corporate governance, information technology governance, and information security governance. Specifically, how corporate and IT governance impact the success of information security governance. The paper will indicate the roles and goals of each form of governance and how they ultimately build to information security governance. It will also entail the methodologies used to implement good governance within an organization to understand how that impacts security governance. Upon reading this paper, the value and importance of governance will be visible. There is a varying degree of differences with the application and goals of security governance based on the industry; this will be discussed with an evaluation of four very different industries: the biotechnology, e-learning, healthcare, and the retail industry. Comparing such different industries will help to understand the wide range of variability involved in discovering the purpose and implementation of Information Security Governance.