icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Governing for Enterprise Security

Technical Note
By
In this 2005 report, Julia Allen examines governance thinking, principles, and approaches and applies them to the subject of enterprise security.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2005-TN-023
DOI (Digital Object Identifier)
10.1184/R1/6573995.v1
Topic or Tag

Abstract

Governing for enterprise security means viewing adequate security as a non-negotiable requirement of being in business. If an organizations management—including boards of directors, senior executives, and all managers—does not establish and reinforce the business need for effective enterprise security, the organizations desired state of security will not be articulated, achieved, or sustained. To achieve a sustainable capability, organizations must make enterprise security the responsibility of leaders at a governance level, not of other organizational roles that lack the authority, accountability, and resources to act and enforce compliance.  

This technical report examines governance thinking, principles, and approaches and applies them to the subject of enterprise security. Its primary intent is to increase awareness and understanding of the issues, opportunities, and possible approaches related to treating security as a governance concern. In addition, this report identifies resources for enterprise security that leaders can use both within their organizations and with their networked partners, suppliers, and customers.

SHARE
Download PDF
Cite This Technical Note

Allen, J. (2005, June 1). Governing for Enterprise Security. (Technical Note CMU/SEI-2005-TN-023). Retrieved December 22, 2024, from https://doi.org/10.1184/R1/6573995.v1.

@techreport{allen_2005,
author={Allen, Julia},
title={Governing for Enterprise Security},
month={{Jun},
year={{2005},
number={{CMU/SEI-2005-TN-023},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6573995.v1},
note={Accessed: 2024-Dec-22}
}

Allen, Julia. "Governing for Enterprise Security." (CMU/SEI-2005-TN-023). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, June 1, 2005. https://doi.org/10.1184/R1/6573995.v1.

J. Allen, "Governing for Enterprise Security," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2005-TN-023, 1-Jun-2005 [Online]. Available: https://doi.org/10.1184/R1/6573995.v1. [Accessed: 22-Dec-2024].

Allen, Julia. "Governing for Enterprise Security." (Technical Note CMU/SEI-2005-TN-023). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Jun. 2005. https://doi.org/10.1184/R1/6573995.v1. Accessed 22 Dec. 2024.

Allen, Julia. Governing for Enterprise Security. CMU/SEI-2005-TN-023. Software Engineering Institute. 2005. https://doi.org/10.1184/R1/6573995.v1

Ask a question about this Technical Note