Professional Documents
Culture Documents
Module-4: Information Security Management and Metrics
Module-4: Information Security Management and Metrics
1. Board of Directors:
– Responsible for protecting the interests of the shareholders of
the corporation. This duty of care (fiduciary responsibility)
requires that it understand the risk to the business and its data.
– The Board of Directors is responsible for approving the
appropriate resources necessary to safeguard data. It also needs
to be kept aware of how the security program is performing.
Information and Data Security Team
Structure