Episode 9: Mitigating Risk: Information Security Governance

Resources:

• Visit the CIS Website

Highlights:

• The importance of information security governance
• Security vs. compliance
• Data – determining what you need and where to find it
• Understanding risk from a decision-basis
• Critical elements to fulfill business requirements
• Producing value in a compliance program
• Applying agility for continuous improvement

Good compliance = good security

Security is the practice of implementing effective technical controls to protect an organization’s digital assets. Compliance, on the other hand, is the application of that practice to meet regulatory or contractual requirements. Unfortunately, more often than not, organizations focus on compliance once a year when it’s time to certify that their “security is good.” The process of being compliant and secure should be a continuous process.