Corporate governance is top of mind in boardrooms across Australia. It is now widely understood that effective corporate governance is required to protect the interests of an organisation’s stakeholders, which in turn protects Australia’s economic and social interests.
Information Technology (IT) governance is a relatively new topic that is gaining more attention as public and private organisations realise that their dependence on technology requires strong IT governance to support corporate governance requirements.
Security Governance is a very new topic that still has not made its introduction into many boardroom agendas. However, there is an increasing realisation domestically and abroad that an organisation cannot effectively achieve its corporate and IT governance objectives without a strong and effective security governance framework.
The Department of Communications, Information Technology and the Arts (DCITA), on behalf of the Information Technology Security Expert Advisory Group (ITSEAG), engaged KPMG to assess and report on leading practice in the governance of IT and information security matters, as it relates to the corporate governance needs of owners and operators of critical infrastructure.
This report contains the summary of research, consultations and thought leadership to provide owners and operators of critical infrastructure with guidance on the following:
• What are the drivers, risks and threats to security for critical infrastructure industries?
• What is security governance?
• How is security governance related to security management?
• Why is security governance important?
• How can we achieve strong security governance?