ABSTRACT

Information and Cyber Security Governance should specify the accountability, responsibility, and authority framework for an entity. Planning is a necessary managerial process in determining IAP objectives and goals for an entity. Entity governance needs to provide the means for administrative oversight to ensure IAP risks receive appropriate treatment, while ISG manager-leaders ensure that the authorized risk treatment strategy is enacted as intended. The organizing process transforms the IAP action plan into controllable areas and includes the grouping of activities based on efficient usage of available resources. Organizational direction permits the managerial function to regulate the activities or courses of action of entity personnel. Where enacted, control activities help ensure that management directives are followed. Chapter 3 addresses the planning, organizing, orchestration, directing, and controlling cycle in managing ISG, enabling a well-informed and reasonable sense of certainty that information risks and controls are appropriately balanced.