From information security to ... business security?

This short opinion paper argues that information security, the discipline responsible for protecting a company's information assets against business risks, has now become such a crucial component of good Corporate Governance, that it should rather be called Business Security instead of Information Security. During the last year or two, driven by developments in the field of Corporate Governance, including IT Governance, it became apparent that the scope of Information Security is much wider than just (directly) protecting the data, information and software of a business. Such data, information and software had become invaluable assets of the business as a whole, and not properly protecting this information could have profound business and legal implications. Basically, the data and information of the business became its 'life blood', and compromising this life blood, could kill the business. Executive Management and Boards started realizing that Information Security Governance was becoming their direct responsibility, and that serious personal consequences, specifically legally, could flow from ignoring information security. Information security governance had become an