Security Governance Checklists
The Security Governance Checklists provide lists of items that can be used to verify
that a security program is being operated properly, or to implement a set of procedures. The checklists are designed
to link clearly to the Governance Guidebook so that programs develop in a unified manner. The
governance checklists include:
1 How the business works
1.1 General business modeling issues
1.2 Sales, market, and brand
1.3 Process, work flow, and results
1.4 Resources, transforms, value
1.5 Supply, inventory, transport
1.6 AR/AP, collections, write-offs
1.7 Infrastructures, services, users
1.8 Cost, shrinkage, collapse
2 Oversight
2.1 Duty to protect
2.2 Business continuity and disaster recovery
2.3 GAISP overall review
2.4 ISO 17799 Governance Board
2.5 Risk tolerance and thresholds
2.6 COSO
2.7 Feedback to governance
2.8 Capability Maturity Level
2.9 Budget Source and Cost Chart
3 Business risk management
3.1 Risk evaluation
3.2 Interdependencies and Risk aggregation
3.3 Risk treatment
3.4 Risk management architecture
3.5 What to protect and how well
3.6 Overall risk management process review
4 Enterprise security architecture
4.1 Overall picture
4.2 Fulfilling the duties to protect
4.3 Top management vs. CISO responsibilities
4.4 CISO-related responsibilities and groups