SearchSecurity.com

Information Security Governance Guide

Introduction
Although governance and security programs are discussed in our industry, not many organizations or security professionals fully understand all that is involved with each and the relationship between these two concepts.

It is not enough to have some security policies and then just concentrate on securing your network. To integrate security within business processes, an organization needs to have a robust information security program that maps to its business drivers, legal and regulatory requirements, and threat profile. The following series provides an introduction to what information security governance and a security program are and how to get them deployed within any environment.

What is information security governance?
Information security governance is similar in nature to corporate and IT governance because the three overlap in functionality and goals. All three work within the organizational structure of a company and share the goal of helping to ensure that the company will survive and thrive – they just each have a different focus.

Corporate governance has to do with how the board of directors and executive management run and control a company. IT governance is how technology is used and managed so that it supports business needs. There are many professional- and official-sounding definitions of information security governance, such as the following by the IT Governance Institute in
