The work of the company’s governance boards and committees is extremely important since these groups plan, design, negotiate, implement and provide oversight for the processes, policies, procedures, and other mechanisms used to guide, monitor, control, and assess the operations of the company. Each board is comprised of executives who each represent their functional areas or a group of internal stakeholders. Usually, there is a chair position that rotates among the members. If you would like to learn more about corporate governance in general, Deloitte’s report
Developing an effective governance operating model: A guide for financial services boards and management teams provides a brief but comprehensive overview (see
). You may also find this article
What is a management system?
, from the International Standards Organization, helpful as it explains what a
management system is and why standards are needed to define repeatable steps that organizations can use to ensure the effectiveness and efficiency of their management activities.
The next meeting of the IT Governance board will include a set of orientation briefings for the new members. If you had to make a recommendation to the IT Governance board for standards that should be followed as it relates to cybersecurity in an organization, what would that standard be? For example, the following IT management / IT security management frameworks, standards, and models.
1. COBIT
2. ITIL
3. ISO 27001 (ISMS Program Management)
4. NIST Cybersecurity Framework
5. NIST Security and Privacy Controls (NIST SP 800-53)
6. NIST Risk Management Framework (NIST SP 800-37)