- Defining Security Principles
- Security Management Planning
- Risk Management and Analysis
- Policies, Standards, Guidelines, and Procedures
- Examining Roles and Responsibility
- Management Responsibility
- Understanding Protection Mechanisms
- Classifying Data
- Employment Policies and Practices
- Managing Change Control
- Security Awareness Training
Examining Roles and Responsibility
Set information security roles and responsibilities throughout your organization.
Everyone has a role and is responsible for maintaining security in the information security process. The most important role belongs to management, who must set the tone for the entire information security program. This is not to diminish the roles of administrators and users, but without the appropriate management support, users will not take these efforts seriously.
Although information security professionals will have a more difficult time convincing users to participate in the security process, it does not absolve their responsibilities. Those whose role it is to be responsible for maintaining the information security environment should understand the roles of everyone in the organization and balance security of the information assets with the requirements of the business processes.