Summary
In the past few years, the siloed IT security role has rapidly added to its responsibilities and transformed itself into the cross-functional information risk management role. This has left many firms scrambling to structure their security and risk organizations properly and effectively. Corporate executives struggle with organizational structure, reporting relationships, and staffing decisions for this evolving role. They're starting to realize that there is no right answer that could apply universally to all types of organizations. The roles, responsibilities, staffing, and reporting structure should be based on the company's size, industry, maturity, and corporate organizational structure. Most importantly, though, an organization's culture should dictate its security organization archetype. Today, security responsibilities span functional areas and business units. It's very difficult to align with, communicate with, and involve other business areas; creating a security steering committee could allow you to achieve those objectives.