Governance is a huge and often daunting undertaking. But it is – or should be – the ultimate goal for which every IT security team strives. This paper covers where to start (focus on your greatest need) and what three fundamental things you should do