|
Work item:
|
X.1054 (ex X.isgf)
|
|
Subject/title:
|
Information technology - Security techniques - Governance of information security
|
|
Status:
|
Approved on 2012-09-07
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
ISO/IEC 27014 (Common)
|
|
Timing:
|
-
|
|
Liaison:
|
ISO/IEC JTC 1/SC 27
|
|
Supporting members:
|
-
|
|
Summary:
|
This Recommendation | International Standard provides a framework of information security governance (ISG). Corporate governance requirements place increasing demands on organizations to demonstrate that they have effective internal control arrangements in place. One significant development is the inclusion of information security as part of operational risk in the wider corporate governance definition. Therefore, boards and executive management are increasingly looking for an ISG framework, which will help to achieve the objectives of the organization and meet corporate governance requirements.
The purpose of this Recommendation | International Standard is to promote effective, efficient, and acceptable use of information security activities in organizations by:
" assuring stakeholders that, if the Recommendation | International Standard is followed, they can have confidence in the organization's corporate governance of information security,
" informing and guiding directors in governing the use of information security activities in their organization, and
" providing a basis for objective evaluation of the corporate governance of information security.
The use of this Recommendation | International Standard will provide board of directors and management with the methodology to monitor and control (govern) the information security management system (ISMS) activities in order to meet the internal and external security requirements. Since many organizations need to establish and demonstrate the appropriate information security readiness to the various stakeholders, the governance concepts and implementation models proposed in this Recommendation | International Standard can support the process of directing and controlling the existing ISMS processes and controls.
The framework consists of objectives, principles, focus areas of ISG and it shows how the ISG is related with ISMS. The framework needs to be supported by successful ISMS.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2009-03-02 15:49:21
|
|
Last update:
2012-09-18 07:50:05
|
