• DocumentCode
    3642742
  • Title

    Information security governance and how to accomplish it

  • Author

    Mario Sajko;Nikola Hadjina;Ivan Sedinić

  • Author_Institution
    Poslovno savjetovanje i usluge - Segora, Varaž
  • fYear
    2011
  • fDate
    5/1/2011 12:00:00 AM
  • Firstpage
    1516
  • Lastpage
    1521
  • Abstract
    The risks and costs of information security, numerous external and internal requirements, and obligations to customers are the reason for the interest in security at the highest level in companies. A set of activities which describes the involvement of the management board, executive management, specialized committees, ad-hoc groups and security managers is referred to as Security Governance. While the principles of information security governance are relatively defined, a universally accepted methodology for its introduction in a business environment is missing. This raises the question of whether there is a connection between other concepts of good practices in the field of security and IT management and Security Governance. Outlining the process of corporate security and its reference to other concepts of security and IT management are the aims of this work.
  • Keywords
    "Information security","Process control","Monitoring","ISO standards","Organizations"
  • Publisher
    ieee
  • Conference_Titel
    MIPRO, 2011 Proceedings of the 34th International Convention
  • Print_ISBN
    978-1-4577-0996-8
  • Type

    conf

  • Filename
    5967301