Skip to main content

Posts

Showing posts from August, 2014

Security groups should sit under Marketing, not IT

Ok, so I'm being a little facetious, but I do think that putting Security departments under IT is a bad idea, not because they don't naturally fit well there, but because usually it gives the wrong impression and not enough visibility.

Security is far more wide reaching than IT alone and touches every part of the business. By considering it as part of IT, and utilising IT budgets, it can be pigeonholed and ignored by anyone who wouldn't engage IT for their project or job. Security covers all information, from digital to paper-based and is concerned with aspects such as user education as much as technology.

There is a clear conflict of interest between IT and Security as well. Part of the Security team's function is to monitor, audit and assess the systems put in place and maintained by the IT department. If the Security team sits within this department then there can be a question over the segregation of duties and responsibility. In addition to this, Security depart…