Summer Regulatory Summit eBook
8. Segregation of IS from IT
RECOMMENDATION
o The Organization should implement structural changes for Information Security responsibilities to ensure the Information Security Officer remains independent of the IT Operations staff and does not report to IT Operations Management.
o The Organization should separate management and monitoring of the Information Security Program from the daily security duties of IT Operations.
© SBS CyberSecurity, LLC www.sbscyber.com