Governability is the degree to which an organization can direct and control a system through policies that are defined, communicated, monitored, and enforced.
Definitions
Governance of IT is the system by which the current and future use of IT is directed and controlled.
Policy and Procedures controls establish, disseminate, review/update, and enforce management direction for security and privacy controls.
Governance Aspects
- Policy expression: Formal, machine-readable or otherwise unambiguous rule definitions.
- Policy distribution: Reliable rollout plus stakeholder awareness and training.
- Violation detection: Continuous monitoring, auditability, and timely detection.
- Corrective action: Manual or automated response and remediation workflows.