Sunday, May 26, 2013

Who pulls this all together...


Proper resourcing and clear definition of roles and responsibilities are a major step in an effective information security program.

The sample structure below from ISACA shows the relationship of the major security functions and the high-level role support required, including:

  • CIO - Vision and strategy for information support for business strategy
Not included in this visual, but no less important, are the roles and responsibilities defined for these roles as well:
  • CISO - Vision and strategy for security of information and its support for the business strategy.
  • Security Manager - Day to day operations manager of information security functions
  • Security Administrator - Administration of security policies and technology.
  • Security Technician - Technical specialist for various technology groups (e.g., firewalls, servers, software)
  • Security Officer - Physical security staff and environmental protection.

