Enterprise security governance is a company’s strategy to reduce risk by protecting systems and information, as well as its execution of that strategy.
1. Enterprise security governance is a company’s strategy for reducing the risk of unauthorized access to information technology systems and data.
Enterprise security governance activities involve the development, institutionalization, assessment and improvement of an organization’s enterprise risk management (ERM) and security policies. Governance of enterprise security includes determining how various business units, personnel, executives and staff should work together to protect an organization’s digital assets, ensure data loss prevention and protect the organization’s public reputation.
Enterprise security governance activities should be consistent with the organization’s compliance requirements, culture and management policies. The development and sustainment of enterprise security governance often involve conducting threat, vulnerability and risk analyses that are specific to the company’s industry.
2. Enterprise security governance is a company’s strategy for reducing the chance that physical assets owned by the company can be stolen or damaged. In this context, governance of enterprise security includes physical barriers, locks, fencing and fire response systems as well as lighting, intrusion detection systems, alarms and cameras.