Who is responsible for security?
The CEO is ultimately responsible for security. The CEO may delegate the responsibility to a CIO or CISO. The CISO depends on the CEO for funding and for support in following through on security policies.
Bottom Up vs Top Down
Top Down: This is where security and buy-off are implemented at the CEO level first, then brought down to the user level.
Bottom Up: This is where a user sees the need, then convinces each level of management to implement the additional security.
The Top Down approach is more effective.