ABSTRACT

Digitalization forces organizations to rethink their information security strategies in order to counter the risks that cybercrime creates. Information security governance brings together the essential elements of information security policy and effective risk management. Without such governance, dangerous gaps persist and information assets remain exposed to compromise. As threats grow, organizations need to focus on how to protect the information they handle. ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within an organization. This chapter proposes a capability maturity framework based on ISO/IEC 27001 for assessing and improving information security governance in organizations.