Essential Guide

Browse Sections


This content is part of the Essential Guide: An IT security strategy guide for CIOs

enterprise security governance

Contributor(s): Ben Cole

1. Enterprise security governance is a company's strategy for reducing the risk of unauthorized access to information technology systems and data.

Enterprise security governance activities involve the development, institutionalization, assessment and improvement of an organization's enterprise risk management (ERM) and security policies. Governance of enterprise security includes determining how various business units, personnel, executives and staff should work together to protect an organization's digital assets, ensure data loss prevention  and protect the organization's public reputation.

Enterprise security governance activities should be consistent with the organization's compliance requirements, culture and management policies. The development and sustainment of enterprise security governance often involves conducting threat, vulnerability and risk analyses tests that are specific to the company's industry. 

2.  Enterprise security governance is a company's strategy for reducing the chance that physical assets owned by the company can be stolen or damaged.  In this context, governance of enterprise security includes physical barriers, locks, fencing and fire response systems as well as lighting, intrusion detection systems, alarms and cameras.

See also: physical security, information-centric security, information security management system 


This was last updated in September 2011

Continue Reading About enterprise security governance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats

Powered by:





  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...