To manage the organization's financial resources

To act as the CEO of the organization

To align IT activities with the direction set by governance

To set the organization's vision and mission

Shareholders

Middle management

IT security manager

Board of Directors and senior leadership

By delegating all responsibilities to middle management

By micromanaging daily tasks

By monitoring and evaluating implemented decisions

By setting strict rules for all employees

It sets the organization's marketing strategy

It guides the organization in choosing its position on the risk spectrum

It determines the number of employees needed

It helps in deciding the organization's financial budget

Decentralized approach

Top-down approach

Bottoms-up approach

Centralized approach

The head of the IT organization

The Vice President of Operations

The Chief Financial Officer

The Chief Executive Officer

They set the organization's IT policies

They ensure the organization is financially viable and can support security initiatives

They manage the day-to-day IT operations

They oversee the technical implementation of security measures