Security Organization and Infrastructure

The size and number of individuals participating in the security function will depend on several factors, including:

• size of the enterprise • systems environment (distributed versus centralized) • number of components in the operating environment • organizational and management structure of the enterprise • number and locations of operational sites (i.e., national versus inter-

national) • how the sites are interconnected • assessed risk • IT budget

The security organization, regardless of its size or naming conventions, will have the same logical structure and functionality. This logical structure and functionality is the subject of this chapter and can be scaled and tailored to meet the specifications of the enterprise. This chapter also discusses resource ownership and provides a project management approach for the development of the information security architecture (ISA).