The overall management and oversight of an organization’s information security program. This includes defining the roles and responsibilities of individuals and groups within the organization, establishing policies and procedures for information security, and monitoring compliance with those policies and procedures. Information security governance is used to ensure that the organization’s information and systems are secure, and that the organization’s information security program is effective.