Security Management: First-Tier Governance Development
edited: Friday, May 13, 2011
By Robert E. Davis
Rated "G" by the Author.
Posted: Tuesday, April 29, 2008
An essay linking key governance development issues.
Organizationally, governance is the system by which entities are directed and controlled. "Potential stakeholders usually rely upon governance elements prior to investing their time, talent, and/or money." Leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance enabling the flow of stakeholder expectations to construct an effective ISG framework. Descriptively, ISG development echoes how an entity's information security management team intends to accomplish the organizational safeguarding mission. Properly framed, ISG supports stakeholder expectations related to management's explicit or implicit fiduciary responsibilities.
When framing governance, domains can be formed and connected through parent-child information relationships. Idiomatically, a technological hierarchical structure is often called a tree. It is composed of a set of elements known as nodes that are abstractively linked. However, dissimilar to biological trees, technological trees have an inverted germination base, where lower-level accessibility is only achieved through top-down paths to associated elements. Regarding architectural design, the 'Governance Tree' paradigm currently has a 'height' of six (number of levels), a 'moment' of one-hundred-thirty-five (number of nodes), a 'weight' of one-hundred-twenty-eight (number of leaves), and a 'radix' of one (number of roots). Interpretively, present Governance Tree 'dimensions' enable describing managerial information and communication aspects permitting alignment of nodal families.
Information and decision theories have point convergences when conjoined with the binodal Governance Tree depicting entity relationships. Information theory practice domains include data processing systems design, organization analysis, and advertising effectiveness; whereas decision theory practice areas encompass organization, learning, cybernetics, and sub-optimization disciplines. At the application-level, information theory techniques can be utilized for classification determination, impact assessments, and technological valuations while decision theory techniques can be employed for objectives determination, interaction assessments, performance estimates, and organizational analysis.
Commonly, entities are developed to satisfy a perceived need for a particular product or service based on available information. Some individuals and groups may consider it an "inconvenient truth" that organizational activities are indirectly, if not directly, impacted by extrapolated external conditions presented in root information. Collectively, first-tier Governance Tree entities represent external parties capable of directing and/or controlling second-tier nodal information and communication activity. Specifically, first-tier external parties provide expectation information impacting linked nodes within the Governance Tree model.
Depending on an entity's technological advancement, information may be conveyed and received through visual, auditory, as well as sensation receptors that enable current or future processing of presented information for decisional application. The list of communicated expectations extends to acceptable organizational structures, financing sources, and business behaviors. Nonetheless, governance influence may be limited to a particular nodal type.
Governance Tree structural behavior should be studied as an open system that continually interacts with the external and internal environment through functionally adaptive mechanisms permitting perceived mission corrections. Organizational interactions exist in various forms, including strategic, operational, and compliance mandates. An active Governance Tree node must accurately forecast standard events impacting organizational plans or face the possibility of elimination or consolidation. Furthermore, stagnant items within a dynamic Governance Tree node will typically cease to significantly sway decisions over time.
Organizational units exist for various reasons. Threading from the first-tier Governance Tree level, linked leaves are inextricably affected by external forces. An organizational formation's continuity depends on relevant, accurate, and timely external environment information assessments to drive appropriate governance. Management, especially information security management, cannot establish an adequate safeguarding posture unless root expectations are understood and potential threats, weaknesses, and opportunities are appropriately redressed. Applying the described Governance Tree framework allows methodological, value-driven consideration, development, and deployment of aligned programs that positively impact control environment awareness and subsequent resource allocation decisions.