ABSTRACT

Within the business there must be an organization charged with responsibility for information security management. This organization begins at the top with a high-level information security steering committee, accountable at the highest level to the board of directors, president, or CEO for providing strategic direction and funding for the necessary components of the Information Security Architecture (ISA). This chapter discusses in detail the responsibilities of that steering committee and of the subordinate security groups that implement information protection throughout the organization.