Cyber and information technology security governance refers to the system by which an organisation directs and controls IT security and, to a large extent, involves decision making to mitigate cyber risks.
By definition, this implies that cyber governance determines who is authorised to make decisions regarding the adoption of frameworks and the design and implementation of effective controls, which to a significant extent rely on continuous human involvement.
Cybersecurity is a human problem since it is a system and technology problem, not only in terms of strategy but also in ensuring that organisations are taking a human-centric approach to enhance cyber and information security controls.
Cyber and information security risks do not merely revolve around devices and security solutions. While some believe information security (Infosec) teams are the gatekeepers for all aspects of cybersecurity, it is, in fact, all employees who play a crucial role in keeping an organisation safe.
Effective cyber governance requires that the human factor receive significant attention, so that employees are familiar with potential security threats and remain committed to the control environment and the associated policies, processes and procedures required to mitigate the risks continuously and effectively.
Corporate IT infrastructure, cybersecurity, and corporate governance requirements have become incredibly complex and continue to evolve.
The intricacy brought about by rapid…
Read the full article by Graham Croock, Director, CyriskCo Advisory, as well as a host of other topical management articles written by professionals, consultants and academics in the April/May 2021 edition of BusinessBrief.