Summary

Recommendation ITU-T X.1054 | International Standard ISO/IEC 27014 provides guidance on the governance of information security.

Information security is a key issue for organizations, amplified by rapid advances in attack methodologies and technologies, and corresponding increased regulatory pressures.

The failure of an organization's information security controls can have many adverse impacts on the organization and its interested parties, including but not limited to the undermining of trust.

Governance of information security is the use of resources to ensure effective implementation of information security, and provides assurance that:

• directives concerning information security will be followed; and

• the governing body will receive reliable and relevant reporting about information security related activities.

This assists the governing body to make decisions concerning the strategic objectives for the organization by providing information about information security that may affect these objectives. It also ensures that information security strategy aligns with the overall objectives of the entity.

Managers and others working in organizations need to understand:

• the governance requirements that affect their work; and

• how to meet governance requirements that require them to take action.