IT departments in organizations are often expected to define a company’s information security policy. Although much of the security that needs to be added into an organization may reside in IT, all of the departments are involved in implementing the policies.
- Which department in an organization do you believe should be responsible for the company’s information security and why?
- What are some advantages and disadvantages of your choice?
- What tools would an information security manager need to properly implement the necessary security within an organization?