CHAPTER 9

Organizational Structure for Managing Information Assurance

Information assurance is an interdisciplinary and multidepartmental issue requiring commitment from the entire organization. Successful implementation of the IAMS depends on the availability of an organizational structure for managing information assurance. As detailed in Chapter 2, defining roles and responsibilities should be started during the Do phase. Experience has shown that ill-defined structures and ambiguous roles contribute to failures in information assurance management. Defining a “right” structure is the cornerstone for successfully implementing an information assurance program. Thus, it should have the highest priority compared with other controls.

Organizations ...

Get Information Assurance Handbook: Effective Computer Security and Risk Management Strategies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.