Recommendation ITU-T X.1054 | International Standard ISO/IEC 27014 provides guidance on the governance of information security.
Information security has become a key issue for organizations. Not only are regulatory requirements increasing, but a failure of an organization's information security measures can also have a direct impact on its reputation.
Therefore, the governing body, as part of its governance responsibilities, is increasingly required to oversee information security to ensure that the objectives of the organization are achieved.
In addition, governance of information security provides a powerful link between an organization's governing body, executive management and those responsible for implementing and operating an information security management system.
It provides the mandate essential for driving information security initiatives throughout the organization.
Furthermore, effective governance of information security ensures that the governing body receives relevant reporting, framed in a business context, about information security-related activities. This enables pertinent and timely decisions about information security issues in support of the strategic objectives of the organization.