In many organizations, the security team does not understand the company's business goals. As a result, there is little to no direction as to how security initiatives should be prioritized.
Businesses cannot operate without security, and security's goal is to enable safe business operations. Security governance supports the strategy and management of this system by creating a protective arch around business operations. Governance is the keystone that holds this program together, and while it may seem like only a tiny aspect of security, it plays a vital role in protecting businesses from threats.
Governance defines laws and sets standards, but only management can verify that these are observed.