Category Archives: RBCS Blog

A Security Executive’s Bill of Rights and Responsibilities

Republished from Ray’s blog: The Security Minute
The Security Executive has the right and responsibility:

  1. To develop security objectives, strategies and policies for the organization, for Senior Management approval or amendment.
  2. To identify security risks to the organization’s critical assets and business functions, and their potential business impacts.
  3. To identify and develop security risk mitigation options and recommendations, including their costs and business impacts, for Senior Management approval or amendment.
  4. To monitor for and identify changes to the security risk picture, and to act on them in a timely manner.
  5. To keep Senior Management informed in a timely manner about changes to the security risk picture.
  6. To keep Senior Management informed in a timely manner about the current state and rationale of corporate asset protection and legal and regulatory compliance.
  7. To have adequate organizational resources allocated for the achievement and implementation of the security objectives, strategies and policies approved by Senior Management.
  8. To receive visible support from the Senior Executives regarding the approved security objectives, strategies and policies, and their related security initiatives.
  9. To implement corporate security as an ongoing process, by means of a security management system that incorporates continuous process improvement.
  10. To plan and execute security programs and projects to achieve the security objectives and implement the security policies set or approved by the Senior Executives.
  11. To maintain his or her continuing education in the field of enterprise security risk management.

(Note: Senior Management means the senior executives of the organization such as the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and anyone in charge of a principal business unit or function.)

Senior Management’s Security Bill of Rights and Responsibilities

Republished from Ray’s blog: The Security Minute
Senior Management has the right and responsibility:

  1. To be informed about security risks to the organization’s critical assets and their potential business impacts, and to be informed in a timely manner about changes to the security risk picture.
  2. To be informed about the organization’s security risk mitigation options including their costs and business impacts.
  3. To set or approve the organization’s security objectives, priorities and strategies.
  4. To approve or amend high-level security policies and planning.
  5. To approve or amend large-scale security programs and

A Security Bill of Rights for Ownership

Republished from Ray’s blog: The Security Minute
Ownership has the right:

  1. To be accurately informed by Senior Management about the current state and rationale of corporate asset protection and legal and regulatory compliance.
  2. To be informed in a timely manner by Senior Management about major security incidents, their actual and potential business impacts, and the organizational response actions planned and under way.
  3. To approve or amend the organization’s security objectives, priorities and strategies if desired.
  4. To approve or amend high-level security policies and planning if desired.
  5. To approve

A Security Bill of Rights

Republished from Ray’s blog: The Security Minute
Today’s leading security executives are no longer just “selling the security program” to executive management. They are also collaborating with senior executives about enterprise security risk. Here is why:

  • Business assets are the property of the business owners, who have delegated the care and management of those assets to the executive management team.
  • Risks to business assets—and risk decisions—are the responsibility of executive management.
  • Because executive management must make the risk decisions