Executive Summary (This is a document excerpt)

In the past few years, the siloed IT security role has rapidly added to its responsibilities and transformed itself into the cross-functional information risk management role. This has left many firms scrambling to structure their security and risk organizations properly and effectively. Corporate executives struggle with organizational structure reporting relationships and staffing decisions for this evolving role. They're starting to realize that there is no right answer that could apply universally to all types of organizations. The roles, responsibilities, staffing, and reporting structure should be based on the company's size, industry, maturity, and corporate organizational structure — but, most importantly, an organization's culture should dictate its security organization archetype. Today, security responsibilities span functional areas and business units. It's very difficult to align, communicate, and involve other business areas; creating a security steering committee could allow you to achieve those objectives.

Buy Risk-Free

Download and print PDF immediately. Price: US $499

Our Money-Back Guarantee: If you are not completely satisfied, return it for a full refund within three weeks of your online purchase.

Already a Forrester Client?
Log in to read this document.