Security Governance rivals SOX 404...

All enterprises confront a category of unforeseen risk. Such risks hinge on events that “might happen,” but haven’t been considered by the organization and, therefore, yield too little information to disseminate to stakeholders. However, stakeholders can demand a management system for Security Governance that is comprehensive, proactive and relevant. The management system, as provided by executives, board members and oversight committees, includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources. The system also incorporates a top management strategic policy that focuses on managing risk for Security Governance while reflecting the location, assets and purpose of the organization, enterprise or entity.

See full Article.