End User
End users have a responsibility to protect information assets on a daily basis through
adherence to the security policies that have been set and communicated. End-user compliance
with security policies is key to maintaining information security in an organization because
this group represents the most consistent users of the organization’s information.
Executive Management
Top management plays an important role in protecting the information assets in an
organization. Executive management can support the goal of IT security by conveying the
extent to which management supports security goals and priorities. Members of the
management team should be aware of the risks that they are accepting for the organization
through their decisions or failure to make decisions. Senior management should focus on
several specific areas; particularly appropriate ones are user training, inculcating and
encouraging a security culture, and identifying the correct policies for IT security
governance.
Security Officer
The security officer “directs, coordinates, plans, and organizes information security activities
throughout the organization.” [9]
Data/Information Owners
Every organization should have clearly identified data and information owners. These
executives or managers should review the classification and access security policies and
procedures. They should also be responsible for periodic audits of the information and data
and for their continuous security. They may appoint a data custodian if the work required to
secure the information and data is extensive and needs more than one person to complete.
Information System Auditor
Information system auditors are responsible for ensuring that the information security
policies and procedures have been adhered to. They are also responsible for establishing the
baseline, architecture, management direction, and compliance on a continuous basis. They
are an essential source of unbiased information about the state of information security in the
organization.
Information Technology Personnel
IT personnel are responsible for building IT security controls into the design and
implementation of the systems. They are also responsible for testing these controls
periodically or whenever there is a change. They work with the executives and other
managers to ensure compliance in all the systems under their responsibility.
System Administrator
A system administrator is responsible for configuring the hardware and the operating system
to ensure that the information systems and their contents are available for business as and