Information Security Governance Simplified 


By Todd Fitzgerald
Reviewed by Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS


A recent Ernst & Young study of information technology trends warns that megatrends will affect some of the risk categories that arise from the role of IT in enterprises. Cloud computing, the persistence of cybercrime and malware on mobile devices (among others) are global realities that organizations should consider.

With this in mind, 2 of the risk categories most affected are information security and privacy—components that cut across the reputation of enterprises and affect operations. These risk categories constitute the first line of defense.

Information Security Governance Simplified helps readers understand information security governance from an executive’s perspective and covers the natural steps required to understand the challenges faced by information security executives. This includes defining the organization required for the function, speaking the language of the executive board, understanding security and control compliance frameworks, designing effective communication strategies, providing attention to IT audit visits, and understanding the relationship between information security and legal aspects.

A source of ideas and insights relevant to information security specialists, IT auditors and IT governance professionals, Information Security Governance Simplified offers alternatives and recommendations to enhance the practice of information security governance.

Information Security Governance Simplified is available from the ISACA Bookstore. For more information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit the ISACA Bookstore online or email

Jeimy J. Cano M., Ph.D., COBIT (F), CFE, CMAS, is a distinguished professor in the law department of the Universidad de los Andes, Colombia. He has been a practitioner and researcher in information and computer security, digital evidence and in computer forensics for more than 17 years in different industries. Cano is a member of the ISACA Publications Subcommittee.