Governance is the fourth core component of Middlebury's information security program. We view governance as the process of developing, maintaining, auditing, and enforcing the information security program. This includes the creation of policies and procedures, continual assessment and mitigation of risks and threats, managing the response to events and incidents, and providing strategic guidance for information security initiatives.

The following resources represent some of the governance efforts conducted by Middlebury's Information Security workgroup.