ABSTRACT

We introduce some useful management concepts and show how to adapt them to information security management. For example, we redefine Mintzberg's managerial roles and extend them to include the information security management roles that apply to effective security management. We relate information security management concepts to management theory, showing that traditional management concepts still apply to information security management. Information security managers are defined in terms of the traditional organizational structure found in both the public and private sectors. We define information security managers’ roles and responsibilities based on the same organizational structure.