Information security awareness newsletter August 2008 - information security governance Dear Clement, The field of corporate governance exploded onto management’s agenda following Enron’s collapse in 2000/2001 and the introduction of SOX (Sarbanes Oxley Act) in 2002. There has been some public discussion of IT governance since then but information security governance is still emerging from the murk. This month we expand on what ‘governance’ means and how it relates to information security in particular. It affects our target audiences (staff, managers and IT professionals) differently so we explain the implications in practical terms, covering the essential elements that everyone should comprehend. You may have seen the recent news about the arrest of a network administrator in San Francisco. As reported, the accused was solely responsible for designing, operating and securing the city government’s network. He allegedly refused to disclose the network admin passwords at first, preventing others from managing the network in his absence. While it’s far too early to determine whether there is any truth behind the allegations, the story has fascinating governance implications that find their way into one of the case studies and the newsletter. Kind regards, Gary Hinson CEO, IsecT Ltd. Download the newsletter (~148kb PDF) Copyright © 2008 IsecT Ltd. Information in the newsletter is provided free, for information only and 'as is'. Whilst believed correct, it is in no way comprehensive. It is provided for interest only and is not intended to be relied upon as formal advice. No liability is accepted for any errors or for any losses that may be incurred if any such information is relied upon. You may freely distribute the PDF version of the newsletter intact (including the copyright notice and attribition) but please let us know if you intend to post it on the web.  Find out more about NoticeBored here.