A new framework for cybersecurity governance in large organizations
One of the most strategic challenges that organisations worldwide face is the setup of a suitable governance framework. Governance is directed by the board of directors, who set the direction for IT governance. Business and IT need to be well aligned so that together they meet the organisation’s overall strategy. Each IT goal must be derived from at least one business goal. For instance, cyber-security initiatives need to clearly link to business development and data protection strategies. Audit’s role is to provide independent assurance on the effectiveness of controls with regard to IT governance, and therefore to business objectives.