Software Engineering Institute | Carnegie Mellon University

White Paper

Governing for Enterprise Security (GES) Implementation Guide Article 1: Characteristics of Effective Security Governance

  • Abstract

    This article sets the stage for the Governing for Security Implementation Guide series. It first presents several key definitions for enterprise governance, IT governance, and security governance. It describes eleven characteristics intended to answer the question "How would I know effective security governance if I saw it?" The article goes on to compare and contrast both effective and ineffective security governance actions and then describes ten key challenges that leaders need to anticipate and address. 
