Who Should Be Responsible for Security in a Business?
In short, everybody is responsible for security within a business.
Whether you are a small organisation or a large enterprise with a dedicated security team and CISO, every member of staff has a part to play in keeping that business as secure as it can be.
Business owners and board members need to recognise that security begins with them: it is up to the business to set the security strategy and assign the resources needed to deliver it. Whether that means hiring dedicated positions or teams or finding a security partner to work with, the first step to a secure business is a leadership team that understands that security needs to be addressed, what needs to be protected, and how security, done right, can help the business meet its goals.
Security teams, or the CISO or CIO, should take their steer from the strategy set by leadership and define the policies and processes that help the business meet those expectations. This includes making sure that staff are trained in and aware of every policy put in place, and establishing a framework for planning for and dealing with security incidents.
IT departments can provide the technical solutions and enforce policies through them, so that the business's security policies can actually be followed. This is no easy task, as a balance must be struck between enabling productivity and maintaining security, but the security requirements of the business should dictate which technology, solutions and applications it adopts. From pushing anti-virus updates to taking the business into the cloud, IT delivers the solutions that help the business deliver on its strategy.
It is the responsibility of all staff, however, to ensure that security policies and processes are followed. Staff are often seen as the weak link when it comes to security, but with training and awareness they can be an organisation's biggest security asset, providing a critical first line of defence against cyber attack.