Information security governance risk and compliance refer to the means of managing information security as well as the means of regulating the security systems put in place in a company to achieve its objectives.