
Introduction to Governance, First of a Series

Governance is the foundation that effective security is built on. It’s a big word for a common-sense idea: things work better if you know what you’re trying to do and how you’re willing to do it than if life is an endless flailing reaction to whatever the latest situation drops in your lap. Boy Scouts have been telling people to “be prepared” for a long time.

If it’s such an easy idea, why do so many people get it wrong, in their personal lives and in business? I’m not sure – maybe the root word “govern” is intimidating. Maybe people don’t like admitting that bad things may happen to them. Maybe there’s always a short-term priority – getting the latest update to market, watching the latest TV show, catching up on my infosec blog… OK, maybe not the last. But you get the idea: setting aside some time to plan ahead just doesn’t seem like a lot of fun if you’re not into this stuff and there’s something else you could be doing that’s bright and shiny, and it’s even easy to see how it pays off now.

Nothing new there: people don’t write wills and don’t back up data files for the same reasons. People probably also don’t know that they already do governance, and all that would be different is writing down what you already think and might even say.

In the governance-related posts, I’ll discuss several things we call governance collectively in a bit more detail. In the meantime, which of these things do you already think about, talk about, and write down in your personal and professional life:

  • Mission/Vision/Charter – An overall statement of what you’re trying to accomplish.
  • Policy – A broad statement of how you intend to accomplish your mission/vision.
  • Standard – A specific statement of how you intend to make your policy a reality.
  • Guideline – A specific statement of advice on how to adhere to your standard.
  • Procedure – A specific list of steps to perform in order to accomplish a task in a way that fulfills your policies, standards, and guidelines.

*** This is a Security Bloggers Network syndicated blog from Defense Rests authored by Dan Holzman-Tweed. Read the original post at: http://defense-rests.blogspot.com/2010/02/introduction-to-governance-first-of.html