Skillset groupings cover how we put people in the right role according to the traditional People/Process/Technology matrix.
CISSP; CISM; MSISM; Certified Information Security Auditors (CISAs)
Now we need to talk about who’s going to do this. How do we put people in the right role?
What I have found is that if you group these areas of responsibility in the traditional People/Process/Technology matrix, here’s how it breaks out.
You should have a business-minded person for security organization management. I only assign one area to the business person, but trust me when I say that having a person solely focused ...