Abstract
All information security professionals around the globe acknowledge that “everyone is responsible for information security” in a company. This trivial statement looks clever but hides core challenges, ”Who is everyone? How does everyone contribute or challenge information security?”
In our researched project we researched in-depth roles, processes and interaction in the corporate information security, by creating a framework for crystal clear defined roles and its associated security obligations and responsibilities. 20 corporate roles are analyzed from management and security perspective; classical interactions between information security roles leveraging and turning down security are given in case studies. Furthermore we generated structured tasks descriptions of the roles and open the road to the fulfillment of an information security consultants dream by creating Job descriptions including its security responsibilities!
We justified the necessity of defining roles and by introducing benefits of this approach:
-
1.
Avoiding unnecessary conflicts and internal politics by establishing security organization with inclusion of all employees’ duties.
-
2.
Increasing security-level, efficiency and productivity by assigning clearly responsibilities.
-
3.
Achieving good information security governance by encouraging coordinated team effort and mutual control.
Illustrative corporate examples demonstrate the need to supplement traditional corporate information security governance frameworks with roles and responsibilities for all positions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Papadopoulos, Dimitrios: Positioning the roles, interfaces and processes in the information security scene, Information Security Management, Gjovik University College 2013.
Hoehl, Michael: Creating a monthly information security scorecard for CIO and CFO. SANS Institute InfoSec Reading Room. 2010.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Papadopoulos, D., Hämmerli, B. (2013). Positioning Information Security Roles, Processes and Interactions. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-658-03371-2_14
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2
eBook Packages: Computer ScienceComputer Science (R0)