Management Responsibility
Management’s responsibility goes beyond the basics of support. It is not enough just to bless the information security program; management must own up to the program by becoming a part of the process. Becoming part of the process is showing leadership in the same manner as it does in other aspects of the organization.
When I tell this to people in management, I get a reaction of shock or horror. After all, they are not trained in technology or information security. I explain that they do not have to understand how it works, but they need to be involved to ensure that the business processes are protected and not hindered by security decisions. Management has specific goals for the organization, and most security and ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
