Abstract This article proposes an information technology governance model that facilitates the direction, control and fulfillment of the objectives of the implementation and maintenance of the information security and privacy program proposed by the Ministry of Information Technology and Government Communications Colombian to state organizations in the framework of the digital government policy. Based on the identification of the regulations of the Colombia state for the implementation of the information security and privacy model, the analysis of the existing information technology governance frameworks that converge on the governance and management objectives of the information security and privacy model is continued and finally the model is structured of governance. contributes to the technological development of the Colombia society through the construction of an innovative tool that facilitates the direction, control and rapid adoption of the management system of information security and privacy defined by the Colombia State, which results in the assurance and privacy of information of all Colombian that is in the hands of state entities, reducing frauds, the exposure of our personal information among other risks.