4 Understanding Governance Processes and Elements


This chapter covers

  • Governance elements in cybersecurity
  • Regulations and laws
  • Standards
  • Policies
  • Procedures
  • Guidelines

Every organization has a purpose, whether that is providing essential products, delivering specialized services, or something else. To achieve that purpose, an organization must decide and act coherently. The structured set of practices that aligns an organization's efforts with its purpose is known as governance.

Governance is the structured framework through which an organization directs and controls its operations and strategic planning. The framework encompasses the laws, regulations, standards, policies, procedures, and guidelines the organization must follow so that its objectives are met effectively and verifiably. In the context of cybersecurity, governance must ensure that security practices are aligned with business goals and missions, that they comply with regulatory requirements, and that they effectively mitigate security risks.

In this chapter, we study the purpose of the key governance elements, including laws and regulations, standards, policies, procedures, and guidelines, and how each is used in security governance. We also provide practical examples of each element to clarify its role and importance.

4.1 Governance Framework Overview

4.2 Laws and Regulations

4.2.1 General Data Protection Regulation (GDPR)

4.2.2 Health Insurance Portability and Accountability Act (HIPAA)

4.2.3 Gramm-Leach-Bliley Act (GLBA)

4.3 Standards

4.4 Policies

4.5 Procedures

4.6 Guidelines

4.7 Summary