Introduction to the information security function

If we look back to the forms of government in the past, four classes emerge: the warrior, the priest, the merchant, and the peasant.

Power tended to alternate between these classes. However, whichever class was ruling always needed the right amount of support from the other classes. They need this support in order to remain dominant and keep society running smoothly. When this support was lacking, there was disruption and decline.

It’s not so different in the modern organisation; the CEO is boss, but needs the backing of his team managers and other officers if the company is to prosper. Key members of the team may leave, if not given due respect. It’s important to understand the needs of others if you are going to work successfully with them and form fruitful alliances.

Figure 1: Corporate hierarchy

Having considered hierarchies of the past, you will now look at modern business structures and the information security officer’s place in them.

It’s key that the information security function influences policy at the organisation. This is to ensure the appropriate security behaviours and processes are implemented. It is vital that you do this in the best possible way. In order to achieve this, you need an understanding of the organisational structures of modern businesses and how the one at your own company affects the security function. You must appreciate the context of the business you're part of in order to best execute your role of Information Security Manager. As you know, you need buy-in from the entire organisation; therefore, it's essential to promote a keen understanding of the management teams' responsibilities in implementing effective security practices. You cannot achieve an adequate security system without the aid and commitment of your fellow workers. 

The entire organisation is responsible for keeping information and systems secure, but the staff need the right training and support for this to happen. The Chief Information Security Officer (CISO) needs to create a company-wide belief in the importance of cyber security and its on-going implementation. 

What's next?

First up, in the next section you'll be looking at modern business structures and their members: the Board of Directors, CEO, C-suite, etc., and how they interact with each other in the context of cyber security.