Security governance

Definition

The set of structures, roles, policies, and accountability mechanisms by which an organisation directs, controls, and monitors its information security activities. Governance answers who decides, what rules apply, and how compliance is verified.

Related terms

CISO (Chief Information Security Officer)
The senior executive responsible for developing and maintaining the information security programme. The CISO reports to the board or a board committee...
Governance, Risk, and Compliance (GRC)
An integrated discipline that combines governance structures, risk management processes, and compliance monitoring into a unified programme. GRC platforms and frameworks allow...
Policy hierarchy
The layered document set that translates governance intent into operational requirements. Tiers typically run: information security policy, topic-specific policies, standards, procedures, and...
Risk appetite
The amount and type of risk an organisation is willing to accept in pursuit of its objectives, as defined by its governing...
Three lines of defence
A governance model that separates security responsibility into three distinct layers: operational management that owns controls (first line), risk and compliance functions...

Explained in

  • Security Governance Frameworks Overview: The set of structures, roles, policies, and accountability mechanisms by which an organisation directs, controls, and monitors its information security activit...
