Continuing the Information Security Governance Simplified series, Ryan and Evan discuss roles and responsibilities and their importance to effective information security governance.

Without explicitly defined roles and responsibilities accountability suffers (or is completely non-existent).

In this episode, the topics include:
* The Board of Directors (if it exists). – FOUR THINGS
* Executive management.
* Who is “ultimately responsible” for information security?
* Directors and managers.
* Information security personnel.
* All personnel.

Formally defining roles and responsibilities is critical. Listen to this episode to learn simple tips and tricks that Ryan and Evan have learned over the years, saving you the headaches of repeating the same mistakes they did.