Implementing Security Governance Processes in corporate environments: Compliance, Awareness and Risk Management

Mistroni, Riccardo (2024) Implementing Security Governance Processes in corporate environments: Compliance, Awareness and Risk Management. [Master's degree thesis], Università di Bologna, Degree programme in Digital transformation management [LM-DM270] - Cesena, Full-text document not available
The full text is not available by the author's choice.

Abstract

The following work focuses on the optimization of cybersecurity governance and compliance processes, a critical aspect for organizations navigating today’s evolving threat landscape. Inefficient or fragmented approaches to cybersecurity increase risks, hinder operational effectiveness, and pose challenges to regulatory compliance. This work explores the integration of global frameworks, such as NIST CSF 2.0, into strategies that align with organizational structures, resources, and objectives. It examines the development of tailored structured processes for cybersecurity compliance and focuses on three key processes: compliance workflows, cybersecurity awareness, and risk management strategies. A methodology was developed to map controls, schedule tasks, and integrate activities. Tailored e-learning and the role of risk management in third-party assessments are analyzed, and a custom model for third-party risk assessment is discussed in order to provide effective implementation and adaptation to specific organizational contexts.

Document type
Degree thesis (Master's degree)
Thesis author
Mistroni, Riccardo
Thesis supervisor
School
Degree programme
Degree programme regulations
DM270
Keywords
cybersecurity, security, governance, risk, assessment, risk management, awareness, compliance
Thesis defence date
18 December 2024
URI
