Mitigating Security Risks: Information Security Governance

IT Security    |    Intermediate
  • 20 videos | 1h 23m 7s
  • Includes Assessment
  • Earns a Badge
Rating 4.4 of 47 users
Adequate risk management requires that the policies, procedures, standards, and guidelines that encompass effective information security governance are in place. This course shows you how to incorporate security governance as part of a robust security strategy. Examine the many security governance elements. Outline how to design, implement, and continually evaluate your strategy based on best practices. Define how security governance relates to the CIA Triad and distinguish between security governance and security management. Furthermore, investigate IT governance frameworks and compare centralized, decentralized, and hybrid structures. After taking this course, you'll recognize what's needed to implement a sound and robust information security governance strategy at your organization.


  • Discover the key concepts covered in this course
    Define information security governance
    Describe why security governance is needed
    List the benefits of security governance
    Outline the relationship between security governance and the CIA Triad
    List the desired outcomes of security governance
    Compare security governance and security management
    List the elements of security governance
    Define the role and importance of security policies, procedures, standards, and guidelines
    List the types of IT governance frameworks
  • Describe the role of senior management in security governance
    Describe methods to create and deliver governance
    Describe the senior management roles and responsibilities in security governance
    List methods to review governance
    Describe the signs of security governance
    Outline some examples of missing governance
    List the reasons for ineffective security governance
    List some security governance best practices and outline the method to implement security governance
    List and describe the components of the security governance structure
    Summarize the key concepts covered in this course


  • 1m 43s
    In this video, you’ll learn more about the course and your instructor. In this course, you’ll learn about information security governance. You’ll also learn to identify the importance of security governance and how it plays a key role in security strategy. You’ll discover various aspects of security governance such as its roles, methods to create and review, and reasons for ineffective security governance. You’ll also cover best practices for security governance.
  • 2m 42s
    In this video, you’ll learn more about the concept of information security governance. You’ll learn security governance is a method by which an organization directs and controls its IT security. The goal of security governance is to ensure security strategies of organizations are aligned with business objectives, mission, and vision. Security governance also ensures security strategies are consistent with regulations, laws, and compliance programs.
  • 3. The Need for Security Governance
    4m 55s
    In this video, you’ll learn more about the reasons for security governance. You’ll learn the implementation and existence of security governance helps you fulfill several goals. First, it helps you bring together business goals and vision. Next, security governance helps you follow best practices. Additionally, security governance helps you bring together and ensure technical requirements are understood and implemented properly. It also helps you meet regulatory and legal requirements.
  • 4. The Benefits of Security Governance
    4m 38s
    In this video, you’ll learn more about the benefits of security governance. First, you’ll learn about increased market value. Customers have more trust in organizations with security governance frameworks in place, allowing these organizations to generate more business. Organizations with a security compliance framework are more likely to get more business from the market. This increases the market value. Secondly, it lowers security risks, because security governance has a deployed risk management program.
  • 5. Security Governance and the CIA Triad
    2m 33s
    In this video, you’ll learn more about the CIA Triad and its relation with security governance. You’ll learn about the CIA Triad’s three key components: confidentiality, integrity, and availability. Confidentiality in information security means information should only be accessible to authorized individuals and shared on a need-to-know basis. Next, integrity implies accuracy, reliability, and completeness of information. Information systems and information need to be protected from unauthorized tampering, modification, or alteration.
  • 6. Security Governance Outcomes
    2m 19s
    In this video, you’ll learn more about security governance outcomes. You’ll learn the first outcome is risk management. It helps you identify, manage, and mitigate risks. The second outcome is strategic alignment. Security governance helps you align information security with organizational objectives. Next comes performance management, which is defining, reporting, and using security governance metrics. It can also help you monitor and report security processes.
  • 7. Security Governance vs. Security Management
    3m 34s
    In this video, you’ll learn more about the differences between security governance and security management. You’ll learn that when you talk about decisions in terms of security management, it’s all about how to mitigate the risk. Security governance decides who is authorized to take a decision. Next, when it comes to security control, security management only looks after the implementation of the security controls. They ensure security controls are appropriately placed and implemented.
  • 8. The Elements of Security Governance
    6m 1s
    In this video, you’ll learn more about security governance elements. You’ll learn some of the key elements are strategic planning, organizational structure, the establishment of roles and responsibility, integration with the enterprise architecture, and documented security objectives in policies. In this video, you’ll look at each of these in detail.
  • 9. The Role of a Security Policy
    2m 54s
    In this video, you’ll learn more about what security policy is. You’ll learn security policy defines the rules and guidelines for using assets. It also defines how an organization manages, protects, and distributes information. Basically, it defines how the confidentiality, integrity, and availability of assets and the information within the organization need to be protected. A security policy is a live document and needs to be continuously updated with changing requirements.
  • 10. IT Governance Frameworks
    12m 56s
    In this video, you’ll learn more about IT governance frameworks. You’ll learn there are different types of IT governance frameworks available. Not all IT governance frameworks will fit every organization. Depending on the nature of work your organization does, you’ll need to adopt the appropriate IT governance framework. Here, you’ll learn about some of the key IT governance frameworks available today. These include ISO 27001, PCI-DSS, HIPAA, ITIL, and COBIT.
  • 11. The Role of Senior Management in Security Governance
    7m 15s
    In this video, you’ll learn more about the key management problems. You’ll learn what happens with management in the context of security. You’ll also learn about security governance as it pertains to management responsibilities and their roles within security governance. First, you’ll discover management does not deal with security; the board of directors doesn’t get involved with strategic security decisions.
  • 12. Methods to Create and Deliver Governance
    6m 33s
    In this video, you’ll learn more about the four essential practices for a board within an organization. You’ll also learn about the paradigm shift and what is happening now in the context of security. You’ll learn about some of the senior management responsibilities. First, you’ll learn the board of directors, the chief information security officers, steering committee, and other executives come up with a security strategy that helps in developing and providing strategic direction.
  • 13. Senior Management Roles and Responsibilities
    5m 15s
    In this video, you’ll learn more about the key steps in security governance. These include create, deliver, and review. You’ll learn that to ensure security governance there are three steps you have to follow. First, you must Create Governance within the organization. Second, you need to Deliver Governance through the right stakeholders, and third, you have to Review the governance on a periodic basis to ensure everything is working as expected.
  • 14. Methods to Review Governance
    3m 43s
    In this video, you’ll learn more about the reasons for reviewing governance and what you do when you review governance. You’ll learn the reasons to review governance include finding any mismatch between security goals and strategic goals. Your security goals should be based on your strategic goals. If there’s a mismatch, you can track this by reviewing governance. Reviews also help you find any security gaps in the implementation.
  • 15. Signs of Security Governance
    3m 50s
    In this video, you’ll learn more about the signs of good security governance. First, you’ll learn everyone in the organization must be involved. This is because the security governance must start from the top, the board, and go down to the last user. Everyone should know the importance of security and comply with it. The board must be involved in security-related decisions, which means they are not isolated.
  • 16. Missing Security Governance
    2m 55s
    In this video, you’ll learn more about what happens if there is an absence of security governance. You’ll learn there are several key things that can happen when there’s an absence of security governance. This means the organization doesn’t have security policies or procedures in place. Or, even if the organization does have security governance in place, if the security policies and procedures are outdated, they cannot be followed with the current security posture.
  • 17. Reasons for Ineffective Security Governance
    2m 35s
    In this video, you’ll learn more about the reasons for ineffective security governance. The first reason could be there’s no authority delegation, which means there’s no authority to make decisions for security implementation. The next reason could be there’s no one to drive the security team to look at the security posture of the organization. Additionally, there may be no budget control authority, which means budgets aren’t properly defined.
  • 18. Methods to Implement Security Governance
    3m 5s
    In this video, you’ll learn more about security governance best practices. You’ll look at some of the best practices to apply security governance within your organization. Information security activities should be governed based on the relevant information and requirements. These include law, regulations, and organizational policies. Information security responsibilities should be assigned and carried out by trained individuals within the organization.
  • 19. The Security Governance Structure
    2m 3s
    In this video, you’ll learn more about security governance structures. You’ll learn there are three. You could have the centralized structure, the decentralized, or a hybrid structure. You’ll learn the centralized governance structure is controlled by a centralized team which consists of top executives within the organization. A decentralized governance structure works at the department level. Departments hold oversight responsibilities at their own department level. The hybrid governance structure is a combination of centralized and decentralized structures.
  • 20. Course Summary
    1m 38s
    In this video, you’ll summarize what you’ve learned in the course. You learned the basic concepts of security governance along with the concepts related to it. You explored information security governance, need for security governance, benefits of security governance, security governance and the CIA triad, and security governance outcomes. You also learned about security governance and security management, elements of security governance, role of a security policy, IT governance frameworks, and senior management.


Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
