
Who is responsible for Cyber Security?

Lars Simonsson, Team lead IT Governance, Cegal Sweden. Lars is responsible for development and delivery of services related to IT Governance in Sweden. The services include business consulting, change management, interim responsibility and process outsourcing.
10/20/2022

Many organizations today are fueled by information. The more business-critical information is, the more damage threats can do. The threat landscape today is more complex, and cyber criminals are well organized. 

It has probably never been as relevant as it is today to make sure that you work in a structured manner (i.e. implementing an Information Security Management System – ISMS) to identify, protect, detect and recover from breaches or other abuse from external, or internal, sources.

With that being said, the short answer to the headline question is everyone in the organization has a responsibility for upholding their part of the security. The human factor is key. Cyber security is the combined application of technology, processes, and controls, and the key enabler for achieving this is the human factor. If we as an organization lack awareness and do not understand the complexity and risks that we are exposed to, it can (and probably will) be the factor that enables cyber-attacks despite all technical measures implemented to avoid them.

We have defined three responsibility areas:
  • Management
  • The user
  • Technical personnel


Management is responsible for the organization's combined security performance, including vendors and partners, as well as the internal organization. Management defines the security scope, roles, responsibilities, and mandate, and is responsible for funding the cyber security work. Through control mechanisms, management ensures insight as a decision basis to establish and maintain an acceptable risk level. 

Users are responsible for taking part in training programs and for understanding and following the governing rules and procedures of the company. Users should be able to detect and avoid attacks and to report incidents and concerns.

Technical personnel are responsible for ensuring that the organization has a secure technical architecture in line with the decided risk level. The IT department must translate business targets, processes, rules, and policies into technical implementations. Technical personnel are also responsible for monitoring day-to-day operations and for evaluating and managing technical changes from a security perspective.

How to get started?

If your organization has not set any rules and responsibilities regarding security, it is time to do so. It is not 'the IT guys' alone who are responsible. Struggling with where to start? A general tip is to start 'top-down' by setting the scope and establishing roles with the capacity and relevant competence for the organization's security ambitions. The security work should be structured in an Information Security Management System to ensure efficiency, so that measures are based on cost/benefit assessments and prioritized to best support business goals.


Would you like to talk to us about how you can get your organization's IT security in order?

We are ready to help!
