IT Security Governance Overview

This video gives a high-level description of what IT security governance is, how it is implemented, and what types of frameworks exist that you can map your program to.

This discussion is based on a blog post I wrote for Mach37, found here:
https://www.mach37.com/new-blog/2022/1/31/it-security-governance

I mention the 10 questions to start thinking about governance, which are listed in the blog post above. For quick reference they are below:

1. How does your organization make money?
2. What digital assets of value do you create, store, or control?
3. Are there business processes that must be functioning, stable and resilient for the business to succeed?
4. What are the top 5 worst-case scenarios that would cause business impact?
5. Do any of the 5 worst-case scenarios rely on technology?
6. Would these scenarios be related to loss of data, loss of operations, or inability to conduct business?
7. What technology protections and detections are in place to reduce the risk of these scenarios being realized?
8. What governmental or industry regulations do you need to adhere to?
9. What customer or partner contractual security requirements are you accountable for?
10. Are there NDAs or SLAs with customers or partners that you must meet or face material damages?

Here is the link to my video on talking to vendors:
https://youtu.be/VD04vKEfaPI

And here is a more recent version of the Talking to Vendors presentation, which I gave as the keynote at the Business of Cybersecurity seminar:
https://www.youtube.com/watch?v=uiU043Cje_Y&ab_channel=BusinessofInfoSec

#cybersecurity #governance #riskmanagement #ITsecurity #itsecuritygovernance
Category: Management