Dated: 06-11-2024
Ch01. Whose Responsibility is Implementation of Information Security
Default Organizational Perception
- Security is the responsibility of one person or one department
- Can get away with "security as an afterthought"
- Reactive
Security is Everyone's Responsibility
- Management commitment & tone at the top
- Security awareness campaigns/program
- A strong and effective security program
- Allocation of sufficient resources
Security Involvement and Accountability
- Effective security implementation should be built into the performance KPIs of key team members (management, technical, business)
- Annual appraisals, security awards and recognition
Post assessments
In the context of information security, ISMC stands for
- Information Security Management Class
- Information Security Management Committee
- Information Security Management Code
- Information Security Management Council
Security is the responsibility of
- Top Management only
- Everyone
- InfoSec team
- Network Administrator only