Three
guidesthat set out company directors'
liabilities for managing information risk are now available from
theInformation
Assurance Advisory Council
website.
Published by the Information Security Awareness, they cover
directors' responsibilities with respect to information security
and the organisation, its people and processes.
The ISAF said directors are accountable in law for how their
organisation protects its information. This made information
security a board-level issue. "Only the directors collectively have
the necessary vision, organisational understanding, and authority
required to address this issue," it said.