Lesson Overview

This lesson focuses on the role of security governance. This is what puts the “G” in GRC.

Together, we'll go over:

• A high-level overview of what governance means to the organization
• Then will work our way through the most important governance functions, starting with strategic thinking
• Followed by championing security

Then we’ll spend the rest of our time talking about how governance interacts with operational security controls in:

• Designing measurement
• Measurement and reporting
• And finally, policy and procedure management

Governance is a wide-ranging GRC role with two important functions. First, the governance role plays a large part in creating a bridge between the organization and security. We’ll discuss this in our Strategic Thinking, Championing Security, and Policy and Procedure Management sections. Second, the governance role is responsible for working with operational security stakeholders to measure the effectiveness of existing security controls and remediating any deficiencies. We’ll discuss this part of the role in Designing Measurement and Measurement and Reporting.