Governing for Enterprise Security Implementation Guide

963 KB | 3 files | DOC, PDF

Executives are increasingly being called to task for the security of their companies' data and networks. This guide will get you started on the path to an enterprise-wide security implementation plan.

This guide is designed to help business leaders implement an effective program to govern information technology (IT) and information security. Our objective is to help you make well-informed decisions about many important components of Governing for Enterprise Security (GES), such as adjusting organizational structure, designating roles and responsibilities, allocating resources (including security investments), managing risks, measuring results, and gauging the adequacy of security audits and reviews. The intent in elevating security to a governance-level concern is to foster attentive, security-conscious leaders who are better positioned to protect an organization's digital assets, its operations, its market position, and its reputation.

Be forewarned: security is a relatively new area of governance for most organizations. It can be complicated for newcomers to IT and information security. Although the U.S. government has encouraged executives to take a more active role, many still do not understand that security requires action at the governance level. As organizations grow more dependent on IT and IT-based controls, information and IT security risks increasingly contribute to operational and reputational risk. Leaders must understand the legal, technical, managerial, and operational considerations that converge in an enterprise security program (ESP). Reading short executive summaries will not suffice. As with audit and compliance responsibilities, boards and senior officers need to thoroughly understand effective enterprise security governance and how to bring it about. For instance, beyond comprehending organizational structure, roles, and responsibilities, leaders need to understand the more detailed responsibilities and tasks required to develop and operate a sustainable security program. Tackling GES is complex and requires knowledge that is missing in many organizations today.

The GES Implementation Guide provides such guidance through a roadmap that describes the actions, roles and responsibilities, and documented outcomes that occur at each step.

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.pdf
  • Governing for Enterprise Security Implementation Guide.pdf

This Download is provided by:

Since 1984, the Carnegie Mellon Software Engineering Institute (SEI) has served as a federally funded research and development center. The SEI staff has advanced software engineering principles and practices and has served as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve our software-intensive systems. The SEI’s core purpose is to help organizations such as yours to improve their software engineering capabilities and to develop or acquire the right software, defect free, within budget and on time, every time.
