logo ORSYS Le mag

The training and skills medium

Home > Governance 🟩 Tool

Governance 🟩 Tool

In cyber security, governance is the set of processes, policies and structures designed to align IT security with organisational objectives, in order to protect systems and data while ensuring regulatory compliance.

Key concepts :

  • Governance framework Global structure that defines the roles, responsibilities and decision-making processes for cyber security.
  • Security policy IT policy: A set of rules and procedures governing the use of information systems and user behaviour.
  • Risk management The process of identifying, assessing and dealing with threats and vulnerabilities.
  • Compliance Compliance with applicable information security laws, regulations and standards.
  • Raising awareness Training users in good safety practice to reduce the risks associated with the human factor.

 

Main frameworks and standards commonly used for cybersecurity governance

  • ISO/IEC 27001 This is the international standard for information security management systems (ISMS). It provides a framework for establishing, implementing, maintaining and continuously improving an ISMS.
  • NIST Cybersecurity Framework Developed in the United States, this framework provides guidelines for improving the cyber security of critical infrastructures. It is widely adopted throughout the world.
  • COBIT (Control Objectives for Information and Related Technologies) A framework for the governance and management of enterprise information technology, developed by ISACA.
  • CIS Controls A set of 20 priority security checks to defend against the most common cyber attacks.
  • PCI DSS (Payment Card Industry Data Security Standard) Data security standard for the payment card industry.
  • SOC 2 (Service Organization Control 2) An audit framework for service providers, focusing on security, availability, integrity of processing, confidentiality and protection of privacy.
  • RGPD (General Data Protection Regulation) Although it is a regulation rather than a standard, it has a significant impact on the governance of cyber security in Europe.

 

Main certifications for cybersecurity governance

  • CISM (Certified Information Security Manager) Professional certification for information security managers, issued by ISACA.
  • CISSP (Certified Information Systems Security Professional) A widely recognised certification for cybersecurity professionals, issued by (ISC)².
Back to Glossary

field of training

Cybersecurity

associated training

Systems and network security, level 1

Hacking and security, level 1

Information systems security, summary

BEST