Information security governance: walking in the customer's shoes
Information security governance is a major part of successful information risk management within any organization. Many organizations are affected directly or indirectly by laws and regulations such as HIPAA, Basel II, Sarbanes-Oxley, and SAS 70. These laws and regulations explicitly request a judgment on the quality of service and business processes, including information risk management.
Designing a corporate security framework (CSF, also called policy) could be a first step for an organization in taking information risk management to the top of the structure and in creating awareness throughout the entire organization.
Depending on the status of the CSF, several specific services could be necessary:
- Corporate Security Framework/Plan
- Assistance to CISO/CSO
- Enterprise Security Management
- High-Level Risk Assessment
- Awareness Services