Information Security Governance

Overview

Still stuck in operational security while leadership drives strategy? Tools don’t unlock promotions. Governance does. Today’s organizations reward professionals who align Information Security with business goals, justify investments, manage enterprise risk, and deliver measurable value. That’s the capability this course builds. This Information Security Governance course is built for professionals targeting CISM-level and executive-track security roles. In this course, you will: • Analyze real breaches like Equifax from a governance lens • Establish accountability through charter and RACI • Apply policies, ethics, and regulatory compliance confidently • Build and defend a business-aligned InfoSec strategy • Align security initiatives with enterprise objectives and risk Unlike theory-heavy programs, this course delivers a business-first governance approach backed by real breach analysis and proven strategy frameworks. By the end, you won’t just understand governance — you’ll confidently design, justify, and lead it within your organization. Enroll now and step into strategic security leadership.

Syllabus

Introduction to Information Security Governance

This module introduces the fundamentals of information security governance, including an overview of CISM certification. You’ll also explore key concepts such as governance objectives, security attributes, and the 2017 Equifax data breach case.

Organizational Culture and Legal/Regulatory Requirements

In this module, you’ll learn how organizational culture influences information security governance and the role of legal, regulatory, and contractual requirements. Topics include ethics in information security and effective business records management.

Governance Structures, Roles, and Responsibilities

This module covers organizational governance structures, the distinction between roles and responsibilities, and how to define them using tools like RACI charts. It also examines different governance models and their applications.

Developing Information Security Strategy

This module focuses on how to develop an information security strategy that aligns with business goals. You’ll learn to create a business case for information security and evaluate information asset value in relation to strategy development.

Aligning InfoSec Strategy with Business and Governance

In this module, you'll learn how to align your information security strategy with business goals and governance structures. Topics include identifying common pitfalls in strategy development and using governance to achieve a desired state.

Frameworks and Standards for Strategy Design

This module delves into the key frameworks and standards for designing an information security strategy. You’ll explore how to develop a security framework and the roles involved in strategy development, as well as governance framework components.

Strategic Planning and Execution

This module covers the practical aspects of executing an information security strategy. You’ll explore business process architecture, enterprise risk management, and how to link strategic planning to risk assessment and business goals for successful execution.