ABSTRACT

This chapter discusses the components that need to be considered when constructing an effective security management organization. Security organizations vary from one organization to another because of the resources available and the specific needs of each organization. However, each of the organizational functions needs to be managed by someone within the organization; otherwise, the unmanaged function presents an information security management risk that may be unacceptable to the organization. The central management model, while appearing simple, can be a powerful way to address information security management by guiding an information security program to perform the right activities. Security architecture provides the security research and technical review of information security products to ensure that the appropriate security tools are purchased to solve the right problems. The goal of promoting awareness is to ensure that the security policies and procedures are available to those beyond the information security department. Forensic investigations have not received much attention within information security departments and tend to receive little investment.