Security Executives and Managers have the right and responsibility:
- To develop security objectives, strategies and policies for the organization, for Senior Management approval or amendment.
- To identify security risks to the organization’s critical assets and business functions, and their potential business impacts.
- To identify and develop security risk mitigation options and recommendations, including their costs and business impacts, for Senior Management approval or amendment.
- To monitor for and identify changes to the security risk picture, and to timely act on them.
- To keep the Senior Management timely informed about changes to the security risk picture.
- To keep Senior Management timely informed about the current state and rationale of corporate asset protection and legal and regulatory compliance.
- To have adequate organizational resources allocated for the achievement and implementation of the security objectives, strategies and policies approved by Senior Management.
- To receive visible support from the Senior Executives regarding the approved security objectives, strategies and policies, and their related security initiatives.
- To implement corporate security as an ongoing process, by means of a security management system that incorporates continuous process improvement.
- To plan and execute security programs and projects to achieve the security objectives and implement the security policies set or approved by the Senior Executives.
- To maintain his or her continuing education in enterprise security risk management, organizational resilience and security operational excellence.
(Note: Senior Management means the senior executives of the organization such as the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and anyone in charge of a principal business unit or function.)