Information Security & Information Governance – how they work together

Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function (usually the Security Department) applying the controls, or, depends on the specialisation/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialisation. A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical […]