Positioning the roles, interfaces and processes in the information security scene
Master thesis
Permanent link
http://hdl.handle.net/11250/143968
Publication date
2013
Abstract
All information security professionals around the globe acknowledge that "everyone is
responsible for information security" in a company. This trivial statement looks clever
but hides core challenges: "Who is everyone? How does everyone contribute to or challenge
information security?" In our research project we examined in depth the roles, processes
and interactions in corporate information security, creating a framework of clearly
defined roles and their associated security obligations and responsibilities. 20 corporate
roles are analysed from a management and a security perspective; classical interactions
between information security roles that leverage or turn down security are given in
case studies. Furthermore, we generated structured task descriptions of the roles and
opened the road to the fulfilment of an information security consultant's dream by creating
job descriptions that include their security responsibilities! We justified the necessity of
defining roles by introducing the benefits of this approach:
1. Avoiding unnecessary conflicts and internal politics by establishing a security organization
that includes all employees' duties.
2. Increasing security level, efficiency and productivity by clearly assigning responsibilities.
3. Achieving good information security governance by encouraging coordinated team
effort and mutual control.
Illustrative corporate examples demonstrate the need to supplement traditional corporate
information security governance frameworks with roles and responsibilities for all
positions. Templates for both security obligations and task descriptions are provided for
use in corporations.