Saturday, December 5, 2015

Week 1 Post - The roles and responsibilities of people involved in security policy framework creation

When we talk about an organization and its business processes, every role and responsibility is accountable for achieving the goal. Similarly, selecting the right security policy framework, changing the existing framework, or building a secure framework requires different individuals, and each of them is equally responsible for their own roles and responsibilities. Each individual performs a separate task and manages the work they are responsible for. This includes managing the team (managers), developing the secure framework (security architects), ensuring data quality (data engineers), office/vendor management, and so on, all of which are building blocks of the whole security framework. Every security policy framework creation is a risk-based approach, so each person working to minimize or resolve a risk has an individual task assigned to them. Risk governance provides an overview of the risk evaluation and defines the key personnel who work to ensure that technology risk is managed and articulated. Each step of this process involves a different hierarchical level of the organization, each adding value to produce high-quality products and services. The organizational structure depicts the roles and responsibilities of the people involved in security policy framework creation and implements a framework that establishes the standards for identifying and managing risk. For example, people working in executive governance (the board of directors) are responsible for decision making, managerial tasks, and dealing with audit issues, while the CISO is responsible for any technology-related security issues. Security administration handles access management, meaning user access to the different systems and physical facilities, and oversees application security management. These different layers of the organizational structure have to work together to achieve a secure business.
Security management works together with operational management to ensure that application security requirements are met. When we talk about separation of duties in the creation of the security policy framework, we are associating each business function with a risk. Each individual in the organizational structure has a defined skill set and is hired for their individual role. For example, developers can code to the requirements and testers can verify that the application functions as required, but when these same individuals are assigned to design the security architecture of the organization, they are not qualified for the task. To summarize, each individual has their own skill set, which they have mastered in order to produce quality work. If one has to work outside that comfort zone, there are risks associated with the work, and responsibility and accountability are put in jeopardy. These roles and responsibilities are also tied to the organization's security governance and its compliance with standards. Creating a strong security policy framework helps minimize risk, and the framework is the only way to measure the level of security. The framework defines the essentials of regulatory compliance and sets the standards and controls. When these roles and responsibilities are not properly defined or managed, security risk increases, compliance and standards are endangered, and the business can face legal issues.

1 comment:

  1. Exactly, I agree with the fact that each and every one is equally responsible for the application security requirements. It should be properly managed and maintained.