The connected and increasingly digitising world comes with benefits but also security risks. Your organisation needs a number of things to cope with the risks, such as preventive and reactive technologies, a security culture, an aware workforce – and security governance. But what exactly is security governance?
It is certainly dynamic: a process of establishing and maintaining a framework. The framework is based on the risks that the organisation has identified. It should ensure that information security strategies are aligned with and support business objectives, comply with applicable laws and regulations, and assign responsibilities.
In this N-sight, we started with ISACA and the COBIT frameworks, then went beyond to look at what organisations should pay attention to. Next, we heard two real-life stories about how companies implemented security governance: from Ageas and the Port of Antwerp.
Presentations and the recording from the event are available to Beltug members (after login).
- ISACA presentation: COBIT and beyond: what to focus on from a holistic approach
- Ageas User story: Is there a difference between ‘Cyber Security’ and ‘Information Security’?
- Port of Antwerp User story: Cybersecurity governance and risk management at Port of Antwerp