Proper resourcing and clear definition of roles and responsibilities are a major step toward an effective information security program.
The sample structure below, from ISACA, shows the relationship of the major security functions and the high-level role support required, including:
- CIO - Vision and strategy for information support of the business strategy
- CISO - Vision and strategy for the security of information and its support of the business strategy
- Security Manager - Day-to-day operations manager of information security functions
- Security Administrator - Administration of security policies and technology
- Security Technician - Technical specialist for various technology groups (e.g. firewalls, servers, software, etc.)
- Security Officer - Physical security staff and environmental protection
Not shown in this visual, but no less important, are the specific responsibilities that must be defined for each of these roles.