Establishing a Security Department
            One  of  the  first  steps  to  good  governance  is  to  mandate  the
            establishment of a Security Department to manage the security
            requirements of the organization and report back to the senior
            management team on the status of the security program. Also, to
            provide recommendations for future development of the security
            program, manage and report on incidents, and support or assist in
            monitoring, compliance and audit activities.

            It  is  always  a  challenge  to  know  who  the  security  department
            should  report  to  within  the  organization.  Security,  especially
            information security, is a newly emerging field and has not risen
            to a level of prominence that grants it a seat in senior management
            meetings in most organizations. The trend, however, is moving
            towards Security becoming an essential part of the management