Information Security and Governance are terms being used frequently today, but they are almost as frequently misunderstood. It can be difficult to explain what security and governance really are, and why they are important. Security is often misunderstood as a hindrance to ‘getting the job done’ or productivity. Instead, we need to change the perception of security to that of a business support – a way to strengthen the business and make it better at what it does best. Security is a way to provide protection and stability, resilience and trust, and ensure that the business has one less thing to worry about.
Information security is focused on ensuring that the business has the data it needs to meet its mission, and that that data is accurate, current, trustworthy and available when needed – but only to the right people.
The next term mentioned in the title is ‘governance’. Governance can be described in many ways, but let’s focus for a moment on the responsibility and accountability aspects of governance. To govern, to manage, to oversee: each is a term of responsibility. Each indicates the role of a person who takes care of assets, protects the interests of others, and manages a program to use resources effectively.
Information Security requires governance. It requires oversight, planning, design, review, and correction where necessary. Security is a goal that must be described, planned for, executed and enforced. This is governance – the wise use of the tools at hand and the people available to ensure that the business has the infrastructure, data and procedures that will help it meet its goals and objectives.