This learning unit aims to give an overview of current standards and best practices in information security governance. It begins with an overview of information security governance and its relation to the business and its KPIs. The unit then relates governance to the information security strategy. Finally, the 27001 standard is presented, with particular attention to the audit process and how to perform it.