In plain dumb English, what is cybersecurity governance?

In language only a little more technical than you would use to explain it to a layperson, what is cybersecurity governance? Is it simply ruling over cybersecurity, having rules in place for how you must do it?
David Geer asked:
btan (Exec Consultant) commented:
Cybersecurity governance is about (a) making sure the business runs safely with minimal cyber risk and (b) the management board giving direction and oversight on the level of cyber risk, in making sure the business is adequately protected with acceptable measures, so as to be answerable to the users or customers of the business.

Overall, it is to be able to answer such questions as one "family" with confidence:

What is the company’s risk appetite?

Have threat and vulnerability assessments been conducted to evaluate company risk?

Does the organization have the expertise and resources needed to reduce risk?

Have mitigations (controls) and countermeasures been adequately deployed?

What risk has the organization mitigated, removed, transferred, or accepted?