IT departments in organizations are often expected to define a company’s information security policy. Although much of the security that needs to be added into an organization may reside in IT, all of the departments are involved in implementing the policies.
Post the following to the discussion board:
Assess the authority structure in an organization that uses formal information systems by answering the following questions:
Which department in an organization do you believe should be responsible for the company’s information security, and why?
What are some advantages and disadvantages of your choice?
Compare the tools an information security manager has available to properly implement the necessary security within an organization?