Implementing security controls inside an organization is very important for the organization to survive and to gain a competitive advantage. Segregation of duties is very important, and so is knowing who is doing what: the roles and responsibilities of the people in the organization must be defined so that it is clear, for example, what the role of the information security officer is.
In compliance with the Enterprise Information Security, each agency must implement a formal internal information security program. Agency executive management is ultimately responsible for protecting agency-wide assets and setting security philosophy that will determine the overall effectiveness of the information security program. As such, it is necessary to establish a security management organization with clearly defined roles and responsibilities that will collectively and cooperatively develop, implement, and maintain the agency’s information security program by aligning security objectives with the business objectives of the organization.
It is very important to know whether the assets in use in the organization are compliant and whether they are secured. Conflicting duties should be segregated to reduce unauthorized modification. Appropriate contacts with relevant parties should be maintained. When starting any project, it is necessary to implement the security controls properly and early in the project, both to avoid later issues and to reduce cost; compliance is necessary as well. Nowadays BYOD (bring your own device) is very popular: with proper controls and compliance in place, people can bring their mobile phones and work on them. Backups and remote access to databases can likewise be made compliant and used properly. Smaller agencies and agencies with small IT budgets may choose to assign these functions as additional duties, or all of these functions may be the responsibility of one or two individuals.