Discussion: Corporate Governance for Information Security Governance
According to the IT Governance Institute, "IT Governance is the responsibility of the Board of Directors and Executive Management" but who should be responsible for Information Security Governance and why? If possible, please provide examples from your organization and how easy or difficult is to make this happen.
You can also refer to this document for more information:
Brotby, W. K. (2006). Information Security Governance: Guidance for Boards of Directors and Executive Management. 2nd. Edition. IT Governance Institute.