Governing for Enterprise Security
Governing for enterprise security means viewing adequate security as a non-negotiable requirement of being in business. If an organization’s management does not establish and reinforce the business need for effective enterprise security, the organization's desired state of security will not be articulated, achieved, or sustained. To achieve a sustainable capability, organizations must make enterprise security the responsibility of leaders at a governance level, not of other organizational roles that lack the authority, accountability, and resources to act and enforce compliance.
These web pages provide resources on how to manage security at the enterprise level.