• United States



by CSO Contributor

Responsibility Without Authority

Jun 01, 20031 min
CSO and CISOData and Information Security

While this CSO is responsible for setting security standards and policies

dictating building access privileges, for examplehe has no direct authority to oversee the implementation of those access privileges, which instead falls to the heads of operations and facilities.

The advantage to this setup is cultural. It embeds security within the business units. The disadvantage is to the CSO, who is clearly responsible when things go wrong but has little authority to effect precautionary measures.