ABSTRACT
An IT corporate security organization is composed of many different functions. These functions include
architecture, policy management, risk assessment, awareness/training, governance, and security
operations including incident response and threat and vulnerability management. Each of these functions
will rely on information from the other functions, as well as information from the enterprise itself in order
to manage the security risks inherent in business operations. These functions work together to form an
organization that implements the basic tenets of confidentiality, integrity, and availability.