An Overview of Information Security Governance

IT Governance spans the culture, organization, policy and practices that provide for IT management and control across five key functions including Strategic Alignment, Value Delivery, Resource Management, Performance Management, and Risk Management. The risk management function is concerned with ascertaining that procedures are defined for ensuring that risks have been sufficiently managed, as well as including assessing the risk factors of IT investments. The increased use of networking solutions has meant that the key aspect of risk management function of IT Governance is focused on managing information and network security. The internet has progressed to become the common platform for connecting businesses and communities worldwide. Transferring information through the internet amid sophisticated networked systems and applications is a norm. While some previous research has identified the need for protective measures in operating networked systems, security management of information and networked systems is essential. This paper examines previous research on technology governance, risk management, and IT security management by using a broad risk management framework.