04. Governance and Compliance
[Video: ND545 C1 L2 04 Governance And Compliance]
Summary
This lesson explains governance and compliance and how policies are used to communicate corporate rules and enforce compliance.
Governance - A strategic planning responsibility that provides organizational oversight, sets policies, and establishes the practices used to enforce them.
Compliance - The requirement that all affected parties follow the same rules.
Audit - An independent review and examination of records and activities to assess the adequacy of system controls and to ensure compliance with established policies and operational procedures. (NIST Glossary)
Policies are the bedrock of a security program. A policy:
- Is a formal statement, rule, or assertion that specifies the correct or expected behavior of an entity.
- Example: an Acceptable Use Policy (AUP) tells users what they may and may not do with company systems.
- Is enforced, and compliance with it is checked (for example, through audit).
- Must be written down and accessible to everyone it applies to; an unwritten or unpublished rule cannot be enforced consistently.
New terms
- Governance: A strategic planning responsibility that provides organizational oversight, sets policies, and establishes the practices used to enforce them.
- Compliance: The requirement that all affected parties follow the same rules.
- Audit: An independent review and examination of records and activities to assess the adequacy of system controls and to ensure compliance with established policies and operational procedures.
- Policy: A statement, rule, or assertion that specifies the correct or expected behavior of an entity.
Definitions from the NIST CSRC Glossary: https://csrc.nist.gov/glossary
Further research
- ISACA, IT Governance Institute: https://www.isaca.org/about-isaca/it-governance-institute/pages/default.aspx
- NIST Glossary: https://csrc.nist.gov/glossary/