Security starts at the beginning of everything that we do. It is not just a Security Team task and needs to be designed and executed End to End (E2E).
The Four Principles
- Security by Design E2E, Business and IT: Secure design of business processes, automation in IT, and encouragement of a culture of discipline, ownership, and craftsmanship in Business Units and IT.
- Executing the Security Control Framework based upon the Security framework is part of the corporate governance framework and assures us of the effectiveness of controls (Test of Effectiveness).
- Security in the mindset of the first line of defense: risk and security are executed and budgeted in the Business Units, and the Business Units are strengthened to execute their security plan.
- Functional reporting lines for monitoring and assurance reporting by the CISO and the Business Managers are in place.