Share on social networks!

Information Security Governance: ancestral practices in the face of an uncertain future.

The weight of the function of Government of Security

The role of Security Governance is becoming increasingly important in the daily operations of organizations, as swift, relevant, and proportional decision-making regarding information security has become crucial for business.

It no longer only serves the purpose of ensuring proper risk management in information handling, but also contributes to the ability to generate, maintain, and differentiate business value in the market, where intangible aspects such as explainability, transparency, trust, and reputation are increasingly important.

Today, organizations, regardless of their size, sector, or maturity, tend to focus their business on exploiting their data, whether it's customer behavior, product data, or data derived from more or less complex analytics to reach competitive insights.

And for this reason, the support that security governance provides to strategic management is crucial in contributing to the achievement of global objectives. An example of this is the latest update of the cybersecurity framework published by the NIST, which identifies the governance function as essential to providing the other functions (identify, protect, detect, respond and recover) with the context of the mission and expectations of all stakeholders, which is so necessary to achieve their own objectives.

Data

New scenarios, same practices

If we go back to the etymological origin of government, that of piloting a ship, an army, or a society, it remains fully valid. The ancient Romans already had well-established mechanisms of government to achieve their mission: the expansion of the Empire through the conquest of new territories.

In addition to being great strategists, they had clearly hierarchical structures in their armies (slaves, couriers, cartographers, translators, centurions, etc.) where each member knew their role and their contribution to achieving the mission. These members carried out their actions in a regulated and procedural manner and were governed by specific legislation, aligned with that applied to the rest of society.

And they even had the great philosophers, who sought answers to old questions or posed many new ones, a clear symbol of a quest for continuous improvement...and how can we not mention their memorable spies, key in detecting the weaknesses of enemies to be conquered and understanding their way of operating.

2 multidisciplinary army

Contained optimism

After this analysis, it seems clear that governance practices have not evolved significantly, and perhaps this fact is, paradoxically, a silver lining in the face of the dizzying prospect of changing, disruptive, and, why not say it, almost dystopian environments we have been facing in recent months in terms of Information Security.

If the role is well-defined, approved, and agreed upon, with an organizational structure that supports it, and ongoing coordination with the Directorate, it will be possible to guarantee the orchestration of resources aimed at anticipating new storms, improving our roadmap, equipping our ships with new technologies, training our military for new challenges, strengthening our lines of defense, and being able to adequately manage newly conquered third-party territories. And why not, contribute to the resolution of new ethical dilemmas that our ancestors never managed to pose.

And always keeping in mind that today, more than ever, human intervention (and not the divine intervention of the Roman gods) is necessary to ensure that the principles and ethical pillars of our society are preserved.

ethical hacking and offensive security

Learn much more in our Professional Master in Cybersecurity, Ethical Hacking and Offensive Security.

Subscribe to our newsletter to stay up to date with all the news

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.
Master Cybersecurity Professional Master

Leave a comment

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.