Stop me if you’ve heard this before –
INFORMATION SECURITY IS NOT SOLELY THE RESPONSIBILITY OF THE IT DEPARTMENT.
Thanks, I had to get that off my chest. But it’s true. Information security affects everyone no matter what their station or position in an organization. And when it comes to a mature Information Security program, there are dozens of touch points across an organization.
Sure, IT and Business Unit Managers are part of the program but what about some of the others? When you think about it, Information Security regularly interacts with:
- Human Resources
- Legal/General Counsel
- Physical/Corporate Security
- Compliance Office
- Privacy Office
- Insurance
- Procurement/Purchasing
- Vendor Management
- Project Management Office
- Change Control Board
- QA
And last but not least, end users themselves. It does indeed take a village, but security is such a far-reaching function that, eventually, it touches anyone using a computer or industrial tool.
I take a little deeper look into the various interactions with each of these areas in a new discussion on my Teachable site – check it out while it’s on sale.
