Focus on Governance
It's Hard to Get a Handle on, But Critical to Secure Institutions
Yet, as I heard most recently in a discussion with Stephen Katz, dean of CISOs, "Governance is probably the most misused, overused word around."
Think about it: What does governance really mean in the information security context? Are we talking about standards and controls within a security team? How that team interacts with the Information Technology group, or within the entire matrixed banking organization? Or are we stepping back and talking about how the security program touches and is touched by every aspect of the institution, from the board of directors to rank-and-file tellers?
Depends on whom you're talking to. Clearly, governance means different things to different people.
Which is why we paid special attention to the topic in February - to help demystify the term and create some common threads of discussion on current governance trends.
Among the pieces to review:
The State of Information Security 2008
Exclusive Survey Uncovers Disconnect in Efforts to Manage Vendors, Educate Customers
Governance plays a significant role in the coverage of this landmark study, as we analyze reporting relationships and management trends for banking/security leaders.
Background Checks: Best-Practices for Financial Institutions
Interview with Les Rosen, Expert in Employment Screening
Good governance begins with the hiring choices you make. Read or download this interview for insights on how best to screen prospective employees.
Governance Case Study: Synovus
Collaboration the Key to Creating, Enforcing Standards
See how this major bank holding company has created a uniform approach to governance for all 37 of its affiliate institutions.
Stephen Katz on Top InfoSec Issues of 2008
Listen to the podcast, or read the transcript. In this exclusive interview with the world's first CISO, we explore the top banking/security issues of the day - including governance.
Again, it's a huge topic, and it can lead to many different flavors of conversations. But as Katz says, boiling governance down to its essentials, "It is a job, and I think the job of putting [governance] together rests right on the shoulders of the head of information risk or the head of security or the head of operations risk."
I'd welcome your thoughts on governance. Please feel free to write to me at firstname.lastname@example.org.