Senior Management
- Must drive the entire security program
- Defines the Tolerance for risk
- Relies on the security professional for vision and cost-justified recommendations to manage risk
- Approves specific Countermeasures that produces their desired "security posture" for the enterprise
Security Professional
- Provide security vision to senior management... vision that includes the collection of cost justified recommendations.
- Assist with development of policy documents
- Perform risk assessment/management
- Assist with proposal, implementation, and maintenance of countermeasures
- Perform monitoring, auditing, security assessments, oversight
No comments:
Post a Comment