The bi-weekly journal for security professionals and stakeholders    

Security professionals who understand the corporate and global environment have a better chance of personal and professional success than those who do not.

–Dr. Gerald L. Kovacich
–Edward P. Halibozek

Security Metrics Management
Page 14
 

 
 
Senior Management's Security Bill of Rights and Responsibilities


Senior Management has the right and responsibility:

  1. To be informed about security risks to the organization’s critical assets, their potential business impacts, and to be timely informed about changes to the security risk picture.

  2. To be informed about the organization’s security risk mitigation options including their costs and business impacts.

  3. To set or approve the organization’s security objectives, priorities and strategies.

  4. To approve or amend high-level security policies and planning.

  5. To approve or amend large-scale security programs and projects.

  6. To provide visible support for the approved security objectives, strategies and policies, and their related security initiatives.

  7. To be accurately informed about the current state and rationale of corporate asset protection and legal and regulatory compliance.

  8. To keep ownership accurately informed about the current state and rationale of corporate asset protection, and legal and regulatory compliance.

  9. To be accurately informed about current and projected security costs.

  10. To be timely informed about security incidents, their actual and potential business impacts, and the organizational response actions planned and under way.

  11. To establish a Chief Security Officer or other senior security executive position to lead and manage the organization’s security functions. (In a small organization this responsibility may be assigned to an executive or manager with other non-security responsibilities.)

  12. To see that security is implemented as an ongoing process, by means of a security management system that incorporates continuous process improvement.

(Note: Senior Management means the senior executives of the organization such as the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and anyone in charge of a principal business unit or function.)

© 2006 by Ray Bernard. All Rights Reserved. Permission is granted to reprint with The Security Minute identified as the source and Ray Bernard as the author.

 