Weitere Kapitel dieses Buchs durch Wischen aufrufen
All information security professionals around the globe acknowledge that “everyone is responsible for information security” in a company. This trivial statement looks clever but hides core challenges, ”Who is everyone? How does everyone contribute or challenge information security?”
In our researched project we researched in-depth roles, processes and interaction in the corporate information security, by creating a framework for crystal clear defined roles and its associated security obligations and responsibilities. 20 corporate roles are analyzed from management and security perspective; classical interactions between information security roles leveraging and turning down security are given in case studies. Furthermore we generated structured tasks descriptions of the roles and open the road to the fulfillment of an information security consultants dream by creating Job descriptions including its security responsibilities!
We justified the necessity of defining roles and by introducing benefits of this approach:
Avoiding unnecessary conflicts and internal politics by establishing security organization with inclusion of all employees’ duties.
Increasing security-level, efficiency and productivity by assigning clearly responsibilities.
Achieving good information security governance by encouraging coordinated team effort and mutual control.
Illustrative corporate examples demonstrate the need to supplement traditional corporate information security governance frameworks with roles and responsibilities for all positions.
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
Zurück zum Zitat Papadopoulos, Dimitrios: Positioning the roles, interfaces and processes in the information security scene, Information Security Management, Gjovik University College 2013. Papadopoulos, Dimitrios: Positioning the roles, interfaces and processes in the information security scene, Information Security Management, Gjovik University College 2013.
Zurück zum Zitat Hoehl, Michael: Creating a monthly information security scorecard for CIO and CFO. SANS Institute InfoSec Reading Room. 2010. Hoehl, Michael: Creating a monthly information security scorecard for CIO and CFO. SANS Institute InfoSec Reading Room. 2010.
- Positioning Information Security Roles, Processes and Interactions
Bernhard M. Hämmerli
- Springer Fachmedien Wiesbaden