Implement a Security Governance and Management Program

Align security and business objectives to get the greatest benefit from both.


  • Scott Trickett, Director of IS Infrastructure\Operations, Chesapeake Employers’ Insurance
  • Dave Millier, CEO, Uzado Inc.
  • Three anonymous contributors

Your Challenge

  • The security team often doesn’t understand business goals.
  • The organization lacks direction regarding security initiatives and how to prioritize them.
  • Risks are not treated appropriately.

Our Advice

Critical Insight

  • Business and security goals should be the same. Businesses cannot operate without security, and security's goal is to enable safe business operations.
  • Security governance supports security strategy and management. These three elements create a protective arch around business operations, and governance is the keystone. It seems like a small aspect, but it holds the whole program together.
  • Governance defines the laws, but they need to be policed. Governance sets standards for what actions are permitted, but only management can verify that these standards are being observed.

Impact and Result

  • Your security governance and management program needs to be aligned with business goals to be effective.
  • This approach also helps to provide a starting point to develop a realistic governance and management program.
  • This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security, while keeping costs to a minimum.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should implement a security governance and management framework, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

2. Develop an effective governance framework

Begin building your governance framework and deploy your three lines of defense.

3. Manage your governance framework

Maintain and improve your governance framework with these essential management activities.

Guided Implementations

This guided implementation is a six-call advisory process.

Guided Implementation #1 - Align business goals with security objectives

Call #1 - Understand what security governance means for you.
Call #2 - Governance Development Checkpoint I

Guided Implementation #2 - Develop an effective governance framework

Call #1 - Develop an effective framework.
Call #2 - Governance Development Checkpoint II

Guided Implementation #3 - Manage your governance framework

Call #1 - Metrics, audits, and why they matter.
Call #2 - Governance Development Checkpoint III

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world-class IT team.

Security Management

Establish the missing bridge between security and the business to support tomorrow's enterprise with minimal resources.
This course makes up part of the Security & Risk Certificate.

Please Note: This Academy course has NOT been updated to reflect the content from the blueprint above. The course content will be updated in August 2019.

Course information:

  • Title: Security Management
  • Number of Course Modules: 4
  • Estimated Time to Complete: 2-2.5 hours
  • Featured Analysts: James McCloskey, Sr. Research Director, Security Practice; Gord Harrison, SVP of Research and Advisory