In my travels over the last few years performing audits and security assessments in a variety of industries, I have found that almost all of them have questions about the role of security in the organization. Although size plays an obvious role in determining the size and scope of a security team, there are three examples that we see over and over again in terms of security layouts. They are:
More and more security frameworks and regulations require a dedicated security officer, and it is considered a best practice in all but the smallest of organizations. Although you could read a plethora of security controls to figure out why, there are some common-sense reasons that you can use to justify the position. The first is that most people, especially Information Technology staff, are concerned with keeping things running and operational. For them, security will always be a secondary concern to getting a system up and running to prevent the loss of service or revenue. In addition, a dedicated security professional can review not only IT security, but other important areas such as physical security (alarms, building access, etc.), vendor security (what vendors are doing with your data), and incident response (what to do in the event of a breach of security or ongoing threats).
In this day and age, security should have a seat at the executive-level table, just as much as compliance and IT. As the threats to Information Security continue to evolve, having a dedicated resource is essential. To learn more about how Compass can assist your organization with your Information Security and Compliance needs, contact us today!