Governance

Governance is a set of internal rules and policies that insures the organization remains focused on the achievement of a goal or objective. In cybersecurity matters, these policies and practices must be aimed at ensuring the protection of data and information systems. They must therefore provide rules and processes regarding physical and logical access, safety mechanisms, monitoring, permissions pertaining to data, data management, duties and responsibilities of staff members, incident mechanisms, etc. This includes the elaboration of compatible policies pertaining, among others, to third-party suppliers, remote work, the roles and responsibilities of the Chief Information Security Officer (CISO), the training of personnel, management of data breaches or cyber-incidents, etc. As such, it constitutes an important management tool to coordinate all the parts of an organization to improve overall data security while fostering a cybersecurity culture.