ISG (Information Security Governance) refers to the engagement of executive management in the issues surrounding how information security matters, assets, and risks are directed and managed.
1. ISG is the high-level involvement that a business entity introduces to achieve the correct information structure, leadership, and guidance, which help it to analyze and mitigate information security risks.
2. ISG moves information security from the technical arena of specialists to the business front burner by ensuring the involvement of those responsible for corporate governance (i.e., board-level management) in the security of an entity's information infrastructure.
3. The board's involvement is necessary in order to create senior management awareness and secure their support in efforts to implement policies and processes for the security of information assets.
Generally, corporate governance consists of the set of policies and internal controls by which organizations are directed and managed. Information security governance should be a subset of an organization's overall governance program, which analyzes the risk management, reporting, and accountability responsibilities of senior management in solving information security challenges.