Fitting the Security Team Into the Company Hierarchy

The computer security team can be positioned in different places in a company’s hierarchy. The position can vary depending on the size and industry of the company. In some cases, the computer security team is part of IT; in others, the computer and physical security teams are merged, or both the computer security and auditing teams report to a chief financial officer. Regardless of where in the organizational chart the security team is placed, it is important that it have access to and interaction with IT management, other IT teams, and representatives from the business. The role of IT is to enable business processes with new technology, and the computer security team shares this objective in addition to its own mission of providing security solutions that adequately manage the inherent risks.

Submit a document that contains responses to the following questions:

List three distinct places in the hierarchy of a large company where you could put a computer security team. Explain the pros and cons of positioning the team in each of these locations.

Define the role of a stakeholder in a security project. List five examples of stakeholders from the business, and explain why they have a vested interest in security policies and processes. Suggest how the CISO or the security team can work to build relations with and involve each stakeholder more in security projects.

Explain how the CISO should work with IT management and business units to get greater support for security projects. Be thorough and offer examples.

