ABSTRACT
The first challenge faced by an organization that is merging
these two groups is the organizational placement and struc-
ture of the new security group. Some organizations have
chosen to keep the two areas separate both from an admin-
istrative and management perspective, yet even in those
instances it is important that the two groups learn to
support each other and communicate frequently. It may
be difficult to determine who will lead a new merged
organization and where in the corporate structure it should
be placed. Ideally, the security department will report to a
senior manager, perhaps a chief security officer (CSO) or
chief risk officer (CRO). However, in many instances, the
organization is not in a position, either through size or
organizational structure, to create such a position. This
recognition of the importance of information security and
the delegation of a senior manager to oversee information
security has become mandated in some countries through
government regulation. Regardless, however, of the
administrative placement and reporting structure of the
security department, the security personnel must generate
the credibility to gain influence in the boardroom and
amidst the strategic planners for the organization. This is
imperative because information security plays an increas-
ingly important role in establishing the secure infrastruc-
ture for the business to continue to operate, and provides
the platform for future growth, acceptance of new technol-
ogies, and automation of traditional business systems.