Expertbrief Setting up a security organisation.

Door Henk Bel e.a. 18 sep 2006

There is a growing need for more insight into the optimal way to organise the security function. Various publications, such as ISO 17799 and CobiT, describe very well what must be done with regard to information security. But it is still not clear who has to do what, and what is the best way to organise it. Which part of information security is a responsibility of the business unit and what should the IT department be responsible for? The most effective way to realise information security in practice and choosing the most suitable organisation form are not trivial matters. This expert group has examined which factors are important in setting up a security organisation and how it should be done.