scope:

This model is applicable to the private, public, and not-for-profit sector organizations. The model provides a structure to evaluate and define the role and necessary aptitude for the security/risk management function in an organization. It provides a methodology to evaluate and respond to a dynamic spectrum of threats to tangible and intangible assets on both a domestic and global basis.

Purpose

This standard is a model for organizations to use when developing a leadership function to provide a comprehensive, integrated, and consistent security/risk strategy to contribute to the viability and success of the organization. This model refers to this leadership function as the senior security executive. Some organizations designate this role/function as the Chief Security Officer (CSO). The CSO designation is a concept descriptor and not necessarily a recommendation for the position title. This role/function may be a standalone position or as one that has been incorporated within an existing senior-level executive's accountability to the organization's leadership team.