Information security (IS) has become a major issue for businesses and communities in the context of digital transformation, business model changes, cyber threats, and compliance requirements. Starting from a hierarchical approach with the division of IS governance and management activities into three levels (strategic, tactical, and operational), it becomes easier to understand the areas of responsibility of each one. Such a framework offers a reading grid that focuses immediately on the main areas of governance and asks the right questions. The chapter also provides an overview of the key concepts discussed in this book. The book presents a framework for modeling the main activities of IS management and governance. It presents examples of using TLCF as a tool to self-assess governance practices. It is shown how this same framework can be applied to different security domains and how to adapt it to the needs of every company.