Usually, a formal information security governance (ISG) program is required to promote information assets safeguarding. ISG programs should ensure the Control Objectives for Information and related Technology (COBIT) framework confidentiality, integrity, availability, compliance, and reliability information criteria compromise does not occur through gaps in controls. Therefore, the information security program and associated systems, processes, and activities need regular quality and compliance assessments. Monitoring and evaluating information security drives assurances provided or obtained through due care and due diligence as well as enables managerial fiduciary oversight expectations fulfilment. Planning and organizing are essential to organizational cohesiveness. |