Once information security (IS) has been accepted as an essential part of an organization’s mission, the task of actually implementing IS policies must be assigned to authorized employees. But with whom shall the responsibility for information security rest? Within your particular organization, who is an information security professional? Who has been trained and authorized to be tasked with the implementation of IS policy? This chapter looks at all tiers of a standard organization and evaluates what role each position should play in the structure of IS implementation (see Figure 3.1). We look at why every level needs to be ...