"Security: it's your job, managers told"

Overseas Security Advisory Council: "Security: it's your job, managers told" from MIS on Wednesday, September 10, 2003

Corporate managers, rather than security professionals, should be accountable for IT security breaches, according to the federal Attorney-General's department.

Security is 'everyone's business', but managers must accept ultimate responsibility for their department's IT protection, says Peter Ford of the Attorney-General's department's information and security law division.

'Managers, for example, should be accountable for breaches of security in the same way as they are accountable for working within their budgets,' Ford told delegates at last week's Information Security World conference and expo in Melbourne. 'While this is a simple proposition, it is a radical departure from the traditional rule-based approach to security, which allows managers to leave security issues to the attention of security professionals and encourages a culture of compliance.'

Security issues must be taken into account as 'an integral part of discharging one's responsibilities', says Ford, whether they be software designers, managers of an enterprise or consumers. "