Welcome » IT Booklets » Information Security » Security Process » Governance » Management Structure
Information security is a significant business risk that demand
engagement of the Board of Directors and senior business
management. It is the responsibility of everyone who has the
opportunity to control or report the institution's data.
Information security should be supported throughout the
institution, including the board of directors, senior management,
information security officers, employees, auditors, service
providers, and contractors. Each role has different
responsibilities for information security and each individual
should be accountable for his or her actions. Accountability
requires clear lines of reporting, clear communication of
expectations, and the delegation and judicious use of appropriate
authority to bring about appropriate compliance with the
institution's policies, standards, and procedures.