Abstract
M.Comm.
This study will point out the need for information security governance. Since the risk that
a specific information security incident will occur is not always obvious, it is difficult for
an organisation to invest time and money in information security governance. An
information security governance model should therefore be extensive enough to include
all possible security scenarios. This should enable any implementing organisation to
prevent or indirectly intervene in the occurrence of security-related incidents within its
perimeters.
An analysis of the existing models will be conducted and will combine drivers from the
corporate governance, information technology governance and information security
governance disciplines. It can be expected that the information security governance
model will inherit a number of the respective best practice and related documents’
benefits and advantages. These inherited benefits add enormous value to both the best
practice model and the information security governance discipline.