Security Roles & Responsibilities
Effective cyber security depends on defining and allocating roles and responsibilities within your organisation so that it is clear who does what with regard to information security.
The following roles and responsibilities are recommended:
- Chairman, CEO, business owner – responsible for setting the strategic direction with regard to cyber security and for signing off the company’s information security policy.
- Information security policy owner – someone at director level who takes responsibility for circulating, maintaining and reviewing the information security policy. All senior managers should actively support and implement the policy within their own business areas and ensure that their staff are aware of their responsibilities.
- Information security manager – someone responsible for ensuring that the information security policy and the associated security plan are actually implemented, and for reporting on progress to the policy owner.
All IT users should be required to follow the information security policy and procedures.
The specific roles and responsibilities will vary depending on the size and nature of the organisation. A smaller business may not need a full-time information security manager, but the responsibilities of that role should still be assigned to a named person rather than left unallocated. Regardless of the size of the organisation, it is important to clearly define and document who is responsible for what.
If these roles are left undefined, security tasks end up owned by no one and gaps in the policy go unnoticed until an incident exposes them.