Document Controls
For Security & Risk Professionals
| Primary Analyst Photo | Document Information | Rate this Document |
|---|---|---|
|
July 26, 2007 The Evolving Security OrganizationDefining An Appropriate Organizational Structure And Staffing Model For Information Securityby Khalid Kark, Bill Nagel with Andrew Parker, Jonathan Penn, Alissa Dill |
Average: 9
(8 ratings)
|
This is an excerpt
Executive Summary
In the past few years, the siloed IT security role has rapidly added to its responsibilities and transformed itself into the cross-functional information risk management role. This has left many firms scrambling to structure their security and risk organizations properly and effectively. Corporate executives struggle with organizational structure reporting relationships and staffing decisions for this evolving role. They're starting to realize that there is no right answer that could apply universally to all types of organizations. The roles, responsibilities, staffing, and reporting structure should be based on the company's size, industry, maturity, and corporate organizational structure — but, most importantly, an organization's culture should dictate its security organization archetype. Today, security responsibilities span functional areas and business units. It's very difficult to align, communicate, and involve other business areas; creating a security steering committee could allow you to achieve those objectives.
TABLE OF CONTENTS
- The Security Organization Grows Up
- One Size Doesn't Fit All — And Security's No Exception
RECOMMENDATIONS
- Embed Security In Organizational Processes For Optimum Effectiveness
- Related Research Documents
This is an excerpt
Buy Risk-Free
Price: US $499
Our Service Guarantee: If you are not completely satisfied with this document, notify Forrester within 24 hours of purchase for a full refund.
Already a Forrester Client?
Log in to read this document.
