<P> The Software Engineering Institute at Carnegie Mellon University, in a publication titled Governing for Enterprise Security (GES) Implementation Guide, defines characteristics of effective security governance. These include: </P> <Ul> <Li> An enterprise-wide issue </Li> <Li> Leaders are accountable </Li> <Li> Viewed as a business requirement </Li> <Li> Risk-based </Li> <Li> Roles, responsibilities, and segregation of duties defined </Li> <Li> Addressed and enforced in policy </Li> <Li> Adequate resources committed </Li> <Li> Staff aware and trained </Li> <Li> A development life cycle requirement </Li> <Li> Planned, managed, measurable, and measured </Li> <Li> Reviewed and audited </Li> </Ul>

Different types of information used for security analysis