|
The Security Executive has the right and responsibility:
- To develop security objectives, strategies and policies for the organization, for Senior Management approval or ammendment.
- To identify security risks to the organization’s critical assets and business functions, and their potential business impacts.
- To identify and develop security risk mitigation options and recommendations, including their costs and business impacts, for Senior Management approval or amendment.
- To monitor for and identify changes to the security risk picture, and to timely act on them.
- To keep the Senior Management timely informed about changes to the security risk picture.
- To keep Senior Management timely informed about the current state and rationale of corporate asset protection and legal and regulatory compliance.
- To have adequate organizational resources allocated for the achievement and implementation of the security objectives, strategies and policies approved by Senior Management.
- To receive visible support from the Senior Executives regarding the approved security objectives, strategies and policies, and their related security initiatives.
- To implement corporate security as an ongoing process, by means of a security management system that incorporates continuous process improvement.
- To plan and execute security programs and projects to achieve the security objectives and implement the security policies set or approved by the Senior Executives.
- To maintain his or her continuing education in the field of enterprise security risk management.
(Note: Senior Management means the senior executives of the organization such as the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and anyone in charge of a principal business unit or function.)
2006 by Ray Bernard. All Rights Reserved. Permission is granted to reprint with The Security Minute identified as the source and Ray Bernard as the author.
|
