The Buck Stops Here: Security Program Control
Managers of all departments need to be involved with ensuring their teams are performing their assigned operational duties in accordance with security program control requirements.
In essence, when it comes to personnel security, the buck stops with the managers. Management responsibilities is the focus of pitfall #18 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Managers often lead by example. If a manager “colors outside the lines,” it’s a safe bet that their team will eventually do the same. A single security resource, or even a complete security team, cannot monitor all activities of everyone in the organization. Managers play a critical role in supporting the overall success of the security program by ensuring their employees adhere to control requirements that have been defined by the organization.
Managers should be responsible and accountable for ensuring their teams perform the assigned functions within their areas of responsibility in accordance with defined security program controls. Security risks, compliance automation tools, and control requirements should be actively discussed at business unit meetings. Managers should ensure their teams have a clear understanding of how to identify and escalate potential security issues to appropriate security personnel.
Access agreements for personnel should be developed and documented. Managers should ensure updated physical and logical access agreements for their teams are obtained at least annually. To continually support the security program, managers of personnel with privileged access, or elevated access permissions beyond that of standard users, may be required to perform more frequent reviews.
Security department managers should be responsible for ensuring your organization has a personnel security risk development and improvement program in place to maintain personnel knowledge, competence, and effectiveness. This helps to ensure everyone supporting the security program stays current on the latest security trends, threats, tools, and security capabilities of the organization.
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASECENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.