Many organizations, in both the public and private sectors, have made improving digital information management practices a top priority. They are motivated by several considerations, such as the need to increase business process efficiency, the requirements of compliance rules, and the desire to offer new services. Information security is a critical aspect of information management that ensures the achievement of these objectives. However, information security management is much more than just new technical solutions. It frequently involves implementing robust governance measures, too. This chapter’s central theme is the relationship between the cybersecurity governance function and its design, manifestation, and embedding in a digital organization. We introduce the role of governance for information security by providing an overview of the key governance factors, such as strategies, policies, procedures, oversight, decision-making hierarchies, risk management, due diligence, compliance, accountability frameworks, security concepts, safeguards, standards and guidelines, activities, training, best practices, assurance, economic considerations, and technology in the organization’s digital environment. The aim of this chapter is to enable the reader to explain how governance underpins an organization’s strategic and tactical cybersecurity management, and the roles of the Board, senior management, technology management and investment, people and financial management in facilitating cyber risk management for better performance.