Information Security For Business

What Roles & Responsibilities Should I Consider?

Effective protections of our homes requires someone to take responsibility for ensuring that effective security controls are in place, such as ensuring that appropriate building and contents insurance is obtained.

In the same way, someone in your organisation should take responsibility for ensuring that your company information is protected appropriately.

For information security to be effectively implemented it is essential that security related roles are defined. All staff within your organisations should know who fulfils these roles and what their general responsibilities are.

To enable information security procedures to be effectively implemented, it is essential that specific responsibilities are allocated to nominated employees.

For example:

Chairman, and top management: formally endorse (and actively support) the company security policy.
Information Security Manager: develop, implement and periodically review the company security policy and procedures.
Users: follow the procedures set out in the company security policy.

Responsibilities may vary according to the size and nature of the organisations. Some may not need a full-time Information Security Manager, but nevertheless the role should be clearly defined within a specified employees job description. On the other hand, large organisations may need to employ a number of people to carry out this role.

The security organisation should complement the business processes.

Read the next part of the Information Security for Business guide – What Security Do I Need?

1 2 3 4 5 6 7 8 9

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>