Comments on: Information Security: Orphan of the Org Chart? http://www.bloginfosec.com/2008/03/14/information-security-orphan-of-the-org-chart/ An Information Security Magazine in a Blog Format Mon, 30 Jan 2012 11:01:25 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Doug Copley http://www.bloginfosec.com/2008/03/14/information-security-orphan-of-the-org-chart/comment-page-1/#comment-3660 Doug Copley Mon, 21 Apr 2008 05:30:46 +0000 http://www.bloginfosec.com/2008/03/14/information-security-orphan-of-the-org-chart/#comment-3660 I work at a fairly large financial services company and we're struggling with this question right now. We're considering combining the policy & awareness functions of 3 groups into one: information security, records management and privacy. Together they may equate to something called the Office of Information Assurance. Where they should report is the biggest question. The most logical place in my mind so far is either the Enterprise Risk Office (most logical), or Legal (records mgmt and privacy are already there). I'd be grateful to any other financial companies who'd like to chime in with their current organizational placement. I work at a fairly large financial services company and we’re struggling with this question right now. We’re considering combining the policy & awareness functions of 3 groups into one: information security, records management and privacy. Together they may equate to something called the Office of Information Assurance. Where they should report is the biggest question. The most logical place in my mind so far is either the Enterprise Risk Office (most logical), or Legal (records mgmt and privacy are already there).

I’d be grateful to any other financial companies who’d like to chime in with their current organizational placement.

]]>