enterprise security governance

1. Enterprise security governance is a company's strategy for reducing the risk of unauthorized access to information technology systems and data.

Enterprise security governance activities involve the development, institutionalization, assessment and improvement of an organization's enterprise risk management (ERM) and security policies. Governance of enterprise security includes determining how various business units, personnel, executives and staff should work together to protect an organization's digital assets, ensure data loss prevention and protect the organization's public reputation.

Enterprise security governance activities should be consistent with the organization's compliance requirements, culture and management policies. The development and sustainment of enterprise security governance often involves conducting threat, vulnerability and risk analysis tests that are specific to the company's industry.

2. Enterprise security governance is a company's strategy for reducing the chance that physical assets owned by the company can be stolen or damaged. In this context, governance of enterprise security includes physical barriers, locks, fencing and fire response systems as well as lighting, intrusion detection systems, alarms and cameras.

See also: physical security, information-centric security, information security management system 


This was last updated in September 2011
