Skip to Main Content
This chapter begins with consideration of the drivers for information security management and how this has evolved into information security governance. The four primary framework approaches for information security governance are then reviewed and deficiencies in each discussed. We then proceed to consider what a comprehensive (holistic) approach for information security governance needs to cover; along with organization, policies and requirements with risk identification and analysis, technical controls. Operational controls are covered in succeeding chapters.