Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities.
For an organization that lacks a cohesive enterprise security governance program, establishing one may seem like an overwhelming endeavor. In fact, however, this is not the case. By breaking down enterprise security governance into its component activities, organizations can design and build a security governance program over time, tailoring it to suit their needs.
Toward this goal, Julia Allen, a senior researcher with CERT, has co-authored an implementation guide for enterprise security governance. In this podcast, we discuss that research and how organizations can use it as a framework for establishing effective, sustainable security governance programs.