The concept of security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization. Supporting, defining, and directing are the building blocks in how well the organization is handling their approach to security.
Security governance should always start at the top of the management pyramid with senior leadership, structuring how an organization approaches security. The approach adopted various from organizaion to organization depending on many factors such as
- organization size
- security tolerances