Assessing an information security governance of an enterprise

US9760849B2 · US · B2

Patent metadata

Publication number: US-9760849-B2
Application number: US-201414326368-A
Country: US
Kind code: B2
Filing date: Jul 8, 2014
Priority date: Jul 8, 2014
Publication date: Sep 12, 2017
Grant date: Sep 12, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods for assessing an information security governance of an enterprise are disclosed. The method includes classifying the information security governance into a plurality of sub-information security governances. The method further comprises defining a plurality of governance focus areas and a plurality of governance control dimensions for a sub-information security governance. The method further comprises checking a compliance, by a processor, of the governance practices of users in the sub-information security governances, in the plurality of governance focus areas, and in the plurality of governance control dimensions. The method further comprises assigning weights to the plurality of governance focus areas, to the plurality of governance control dimensions, and to the sub-information security governances. The method further comprises determining a score for sub-information security governance based on the compliance and the weights.

First claim

Opening claim text (preview).

We claim:

1. A computer implemented method for assessing an information security governance of an enterprise, the method comprising: classifying, by a processor, the information security governance into a plurality of sub-information security governances, wherein the information security governance is indicative of governance practices to govern security of information and information assets of the enterprise; defining, by the processor, a plurality of governance focus areas and a plurality of governance control dimensions for a sub-information security governance, wherein the plurality of governance focus areas are indicative of governance areas relevant to the sub-information security governance, and wherein the plurality of governance control dimensions are indicative of governance actions required on the plurality of governance focus areas, wherein the governance control dimensions comprises of a preventive dimension, a detective dimension, and a reactive dimension; checking a compliance, by the processor, of the governance practices of users a) in the sub-information security governances, b) in the plurality of governance focus areas, and c) in the plurality of governance control dimensions; assigning, by the processor, weights to each of the plurality of governance focus areas, to each of the plurality of governance control dimensions, and to the sub-information security governances; determining, by the processor, a score for each sub-information security governance in each governance focus area and in each governance control dimension based on the compliance and the weights assigned to the plurality of governance focus areas, the plurality of governance control dimensions, and to the sub-information security governances; and calculating, by the processor, an aggregated score for the sub-information security governance by aggregating the score of each of the governance focus area in each of the governance control dimension based on the compliance and the weights; calculating, by the processor, a reference score for the sub-information security governance by aggregating the weights assigned to the sub-information security governance, the plurality of governance focus areas, the governance control dimensions and the maximum value obtained for the compliance; assessing, by the processor, the effective information security governance of the enterprise based on the calculated aggregated score for each of the sub-information security governance and the calculated reference score for each of the sub-information security governance.

2. The method of claim 1, wherein the checking compliance further comprises presenting an information security governance questionnaire to the users.

3. The method of claims 1 and 2, further comprising receiving responses from the users based on the information security governance questionnaire.

4. The method of claim 3, further comprising determining a value based on the responses.

5. The method of claim 1, further comprising comparing the aggregated score with a reference score.

6. The method of claim 1, wherein the plurality of sub-information security governances comprise an effective information security governance, an efficient information security governance, an accountable information security governance, and a responsive information security governance.

7. The method of claim 1, wherein the plurality of governance focus areas are an information security awareness, an information security culture, an information security decision making, an information security management, an information security strategy, an information security policy, information security roles and responsibilities, and an information security competence.

8. A system for assessing an information security governance of an enterprise, the system comprising: a processor; and a memory coupled to the processor, wherein the processor executes a plurality of modules stored in the memory, and wherein the plurality of modules comprising: a classifying module to classify the information security governance into a plurality of sub-information security governances, wherein the information security governance is indicative of governance practices to govern security of information and information assets of the enterprise; a defining module to define a plurality of governance focus areas and a plurality of governance control dimensions for a sub-information security governance, wherein the plurality of governance focus areas are indicative of governance areas relevant to the sub-information security governances, and wherein the plurality of governance control dimensions are indicative of governance actions required on the plurality of governance focus areas, wherein the governance control dimensions comprises of a preventive dimension, a detective dimension, and a reactive dimension; a checking module to check a compliance of the governance practices of users a) in the sub-information security governances, b) in the plurality of governance focus areas, and c) in the plurality of governance control dimensions; an assigning module to assign weights to each of the plurality of governance focus areas, to each of the plurality of governance control dimensions, and to the sub-information security governances; and a determining module to: determine a score for each sub-information security governance in each governance focus area and in each governance control dimension based on the compliance and the weights assigned to the plurality of governance focus areas, the plurality of governance control dimensions, and to the sub-information security governance; and calculate an aggregated score for the sub-information security governance by aggregating the score of each of the governance focus area in each of the governance control dimension based on the compliance and the weights; calculate a reference score for the sub-information security governance by aggregating the weights assigned to the sub-information security governance, the plurality of governance focus areas, the governance control dimensions and the maximum value obtained for the compliance; assess the effective information security governance of the enterprise based on the calculated aggregated score for each of the sub-information security governance and the calculated reference score for each of the sub-information security governance.

9. The system of claim 8, wherein the checking module presents an information security governance questionnaire to the users.

10. The system of claims 8 and 9, wherein the checking module receives responses from the users based on the information security governance questionnaire.

11. The system of claim 8, wherein the checking module further determines a value based on the responses.

12. The system of claim 11, wherein the checking module compares the value with a reference value.

13. The system of claim 8, wherein the determining module compares the aggregated score with a reference score.

14. The system of claim 8, wherein the plurality of sub-information security governance comprise an effective information security governance, an efficient information security governance, an accountable information security governance, and a responsive information security governance.

15. The system of claim 8, wherein the plurality of governance focus areas are an information security awareness, an information security culture, an information security decision making, an information security management, an information security strategy, an information security policy, information security roles and responsibilities, and an inf
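The scoring in claims 1 and 8 (per-cell score = sub-governance weight × focus-area weight × control-dimension weight × compliance value, aggregated over all cells, with a reference score computed the same way at the maximum compliance value) worked through for one sub-governance. This is an added example, not code from the patent or its assignee; the focus-area names follow claim 7 and the dimensions claim 1, while the weights, compliance values and the 0..3 questionnaire scale are assumptions.

```python
# Added worked example (not the patent's own code): weighted scoring of
# claims 1 and 8 for one sub-information security governance.
# Weights, compliance values and the 0..3 questionnaire scale are assumed.

FOCUS_AREAS = [                      # the eight focus areas of claim 7
    "awareness", "culture", "decision making", "management",
    "strategy", "policy", "roles and responsibilities", "competence",
]
DIMENSIONS = ["preventive", "detective", "reactive"]   # claim 1
MAX_COMPLIANCE = 3   # assumed scale: 0 = practice absent .. 3 = fully practised


def aggregated_score(w_sub, w_focus, w_dim, compliance):
    """Sum over every (focus area, dimension) cell of
    w_sub * w_focus[area] * w_dim[dim] * compliance[area][dim]."""
    return sum(
        w_sub * w_focus[area] * w_dim[dim] * compliance[area][dim]
        for area in FOCUS_AREAS for dim in DIMENSIONS
    )


def reference_score(w_sub, w_focus, w_dim, max_compliance=MAX_COMPLIANCE):
    """Same aggregation with every cell at the maximum compliance value:
    the best score reachable under these weights (claim 1, reference score)."""
    return sum(
        w_sub * w_focus[area] * w_dim[dim] * max_compliance
        for area in FOCUS_AREAS for dim in DIMENSIONS
    )


def assess(w_sub, w_focus, w_dim, compliance):
    """Return (aggregated, reference, aggregated / reference) for one sub-governance."""
    agg = aggregated_score(w_sub, w_focus, w_dim, compliance)
    ref = reference_score(w_sub, w_focus, w_dim)
    return agg, ref, agg / ref


# Constructed sample for the 'effective' sub-governance of claim 6.
W_SUB = 1.0
W_FOCUS = {area: 1.0 for area in FOCUS_AREAS}
W_FOCUS["policy"] = 2.0                          # policy weighted double
W_DIM = {"preventive": 1.0, "detective": 0.5, "reactive": 0.5}
COMPLIANCE = {area: {dim: 3 for dim in DIMENSIONS} for area in FOCUS_AREAS}
COMPLIANCE["awareness"]["detective"] = 1         # partial questionnaire result
COMPLIANCE["policy"]["reactive"] = 0             # no reactive policy control

if __name__ == "__main__":
    agg, ref, ratio = assess(W_SUB, W_FOCUS, W_DIM, COMPLIANCE)
    print(f"aggregated={agg} reference={ref} ratio={ratio:.3f}")
```

The two gaps in the sample cost 1.0 and 3.0 points respectively, so the sub-governance scores 50 of a reachable 54; the ratio is what claim 5 and claim 13 compare against the reference.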

Assignees

Tata Consultancy Services Ltd

Classifications

  • G06Q10/0635: Risk analysis of enterprise or organisation activities (primary CPC classification)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Tata Consultancy Services Ltd
What technology area does this patent fall under?
Primary CPC classification G06Q10/0635. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 12, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).