Republished from Ray’s blog: The Security Minute
Today’s leading security executives are no longer just “selling the security program” to executive management. They are also collaborating with senior executives about enterprise security risk. Here is why:
- Business assets are the property of the business owners, who have delegated the care and management of those assets to the executive management team.
- Risks to business assets—and risk decisions—are the responsibility of executive management.
- Because executive management must make the risk decisions, security executives must provide security risk information and recommendations to executive management so that they can make informed risk decisions.
- The organization’s ownership, executive management, and senior security executive are all stakeholders in corporate security, each with their own rights and responsibilities.
These rights and responsibilities are captured in three Security Bill of Rights documents:
- A Security Bill of Rights for Ownership
- Senior Management’s Security Bill of Rights and Responsibilities
- A Security Executive’s Bill of Rights and Responsibilities
Whether the senior security executive is the CSO, the VP of Security, or several executives who divide responsibilities for corporate, physical and information systems between them, the Security Executive’s Bill of Rights and Responsibilities still applies.
Do you insist on your corporate security rights?
Do you take full ownership of all your corporate security responsibilities?
You should also insist that the other security stakeholders do the same.
Best regards,
Ray Bernard