Corporate Governance and Information Security

Corporate governance has a long history of ups and downs within US corporations. With the recent streak of scandals affecting public companies, governance and related legislation has again been brought into focus. As an information security professional, it is important to understand corporate governance in general as well as what can be done to prepare for questions or audits of information technology and security resources. This discussion of corporate governance and some methods to prepare for participating in a firm's governance efforts will assist any information security professional in being prepared.