I Governance of the Information Security Program

Action Summary

Management should promote effective IT governance by doing the following:

  • Establishing an information security culture that promotes an effective information security program and the role of all employees in protecting the institution's information and systems.
  • Clearly defining and communicating information security responsibilities and accountability throughout the institution.
  • Providing adequate resources to effectively support the information security program.


While IT governance is generally addressed in the IT Handbook's "Management" booklet, this booklet addresses specific governance topics related to information security, including the following:

  • Implementation and promotion of security culture.
  • Assignment of responsibilities and accountability.
  • Effective funding and use of resources.

