The responsibilities of a Security Manager:
* What data is valuable, and needs to be protected.
* Ho is responsible for protecting it.
* Define actions for the employees, and consequences for non compliance.
* What type of role security will play in the organization.
Information Security is NOT a technical issue. Is a management issue that may require technical solutions.
To Create Security -> Planed, Designed, Implemented and Maintained
Applied in Top-Down.
The security has to be in line of business objectives.
If the company is damaged by an attacker, the Security Manager will have the responsibility of giving explanatinons.
The best security practices implemented at some technical area are:
Policy, change control and configuration management, trainig and awareness.