Overview of an Information Technology Corporate Security Organization

An information technology corporate security organization consists of many different functions. These functions include architecture, policy management, risk assessment, awareness/training, governance and security operations which includes incident response, threat and vulnerability management. Each of these functions will rely on information from the other functions as well as information from the enterprise itself in order to manage the security risk that the enterprise encounters in operating its business. These functions will work together to comprise an organization to implement the basic tenants of confidentiality, integrity and availability with the objective of managing the risk of damaging security incidents to an enterprise.