Information Security (InfoSec) is not an IT problem, it is the organization’s problem. Information is critical and affects almost every part of the organization.
The need to protect information is just as great as the need to protect the company’s financial position. Small organizations have financial controls, but most do not have IT controls. IT controls, just like financial controls, need to be monitored and reviewed or audited.
Many organizations also look at InfoSec as compliance, when it is actually the other way around. InfoSec is an ongoing process. If InfoSec is properly implemented, then compliance becomes easy.
