“Ultimately, responsibility for the success of an organization lies with its senior managers.” 2 By establishing an effective information security governance structure, they establish the organization’s computer security program and its overall program goals, objectives, and priorities in order to support the mission of the organization. Ultimately, the head of the organization is responsible for ensuring that adequate resources are applied to the program and for ensuring program success. Senior management is responsible for ensuring that the resources are allocated to correctly identify types and locations of information and to ensure that resources are allocated to properly sanitize.
