Personnel security is the focus of the third chapter of my eBook, Security Program Pitfalls and Prescription to Avoid Them, and the roles and responsibilities of personnel is highlighted in pitfall #15 of that chapter.
Organizations could potentially overlook a pivotal security function or leave a control unaddressed if security roles and responsibilities are not defined for all appropriate personnel. Once defined, roles and responsibilities need to be effectively communicated to ensure that all personnel understand the expectations of the organization.
 
Security roles and responsibilities for all appropriate personnel should be defined and documented. This is not limited to personnel on your security team. Every role throughout the organization that plays a role in managing or complying with security controls should have their applicable roles and responsibilities documented.
 
The list of security roles and responsibilities for personnel directly supporting the security program will be more prescriptive. The CISO should partner with your organization’s human resources team to ensure roles and responsibilities are appropriately documented for everyone with a role in maintaining or supporting the security program. Job descriptions are often the best place to record this information.
 
Regardless of the number of personnel supporting the security program, a plan for talent recruitment and retention of security personnel should be maintained. Succession planning is also important to ensure the security program continues to succeed as personnel are promoted, transferred, or depart the organization.
 
A process should be in place to identify additional expertise that may be required to improve security program effectiveness, whenever required. For example, a security consultant may be engaged to jump start a security program or simply provide advice and guidance on building a tactical security program roadmap along with a long-term strategy. These temporary investments can add long-term benefits to your overall program.
 
To learn more about this pitfall, and 99 more, get my eBook: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASECENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.