Securing information requires:
Definition of security policies/strategies.
Implementing Policies: Roles, Responsibility and organisation (this chapter):
The IT security organisation needs a clear statement of mission and strategy.- Definitionof security roles & processes.
Users, administrators and managers should have clearly defined roles/responsibilities and aware of them.
User / support staff may require training to be able to assume the responsibilities assigned to them.
Effective use of mechanisms and controls to enforce security (see the “Mechanisms” chapter).
Concrete Technical Guidelines and controls for specific systems (see Part III).
Assurance (regular audits, reconsider risks regularly)