ABSTRACT
At the first level, the information owner or individual assigned responsibility for the component must ensure that appropriate preventative and detective controls are in place and are being utilized effectively. Individuals at this level include information owners, component administrators, and security liaisons for the business unit or department. These individuals are responsible for the actual implementation of the controls. Controls at this level include establishing and maintaining access, implementing monitoring and alert tools, administration of audit trail reports, management review of log-in attempts, implementing security parameters, and investigation of lockouts. At this level, detection of security violations minimizes the damage done to the organization.
