Role of the Information Security Department

The Information Security Department is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines, and procedures. It should provide security awareness education and ensure that everyone knows his or her role in maintaining security. Put simply, the Information Security Department provides the mechanisms that support the security program outlined by the policy.

This department must be able to strike a balance between education and enforcement (see the “Security Awareness Education” section that follows). It will be difficult to find this balance. The policies guiding this group should be written down to ensure that these roles are clearly defined. ...
