Abstract
Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance. The statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries such as retail/wholesale, banking, services, telecom, private and governmental organizations provides a record of current practices in information security governance. The findings allowed the authors to propose a practical framework to evaluate the information security governance in organizations.