Embedding Information Security into the Organization
Topics: Governance Risk Management
M. Eric Johnson, Eric Goetz
Security & Privacy Magazine, IEEE, Vol. 5, Issue 3, May-June 2007
Risk and business have always been inseparable, but new information security risks pose unknown challenges. How should firms organize and manage to improve enterprise security? In this article, the authors address how chief information security officers (CISOs) are working to build secure organizations.