People—Components
It's necessary to evaluate the information security organization and determine whether personnel have the skills and credentials they need to ensure the program's success. Consider the following questions:
Who is responsible for information security at your company today?
Are they part of a formal information security organization, or do they work in another department?
Having a dedicated information security organization in place is a positive indication of an effective information security program. Dedicated security staff with a clear reporting path are better suited to managing and implementing your security program.
When evaluating your staff, evaluate the qualifications and experience of the organization's leader and group ...
Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
