The primary objective is to design, implement and maintain a coherent set of policies, processes and systems to manage and minimise risks to information assets.
Organisations have many reasons to take information security very seriously, including legal and regulatory requirements targeted at protecting sensitive or personal data as well as commercial imperatives related to the protection of , intellectual property and trade secrets.
Organisations face information security challenges that directly impact information management practices. Following the high-profile organisational failures of the past decade, statutory authorities and regulators have created a complex array of new laws designed to force improvement in organisational governance, security, controls and transparency.
Aligned to the principles of ISO 27001:2006 Governance Manager’s information security governance framework assists organisations to maintain an appropriate information security management system with appropriate controls that delivers measurable benefits.