New Library Saves Thousands Documenting Information Security Organizational Roles and Responsibilities

Share Article

Information Security Roles and Responsibilities Made Easy enables organizations to rapidly address key regulatory requirements of ISO 27002, HIPAA, PCI-DSS and FISMA.

Information Security Roles and Responsibilities Made Easy

ISRRME Version 3

All major information security and data privacy laws require the definition of information security roles and responsibilites

Information Shield, a global provider of information security policy and compliance products, announced the latest release of Information Security Roles and Responsibilities Made Easy (ISRRME) by Charles Cresson Wood. Now in its third revision, this library includes over 70 time-saving information security templates and expert advice designed to streamline the process of defining information security roles and responsibilities. This updated version also includes the results of our most recent and exclusive Information Security Staffing Survey, which enables organizations to benchmark their information security staffing against their peers.

“Every federal and industry-specific information security mandate such as HIPAA, GLBA, and PCI-DDS, requires organizations to assign and document information security roles and responsibilities," said David Lineman, president and CEO of Information Shield. “Information Security Roles and Responsibilities Made Easy is the only product available that allows companies to quickly and effectively document the security responsibilities of over 70 different departments and job functions. Organizations can save thousands of dollars and hundreds of man-hours using this library."

“Studies show that one of the most important steps, that top management organizations can and must take in the information security area, is to clearly and logically define roles and responsibilities for internal staff, business partners, contractors, consultants, and other third parties,” said the author and independent information security consultant Charles Cresson Wood, MBA, MSE, CISM, CISA, CISSP. “Organizations can achieve dramatic time and cost savings over the long haul with a properly defined information security organization. For example, a recent Verizon study shows that the costs of a data breach are on average 35% less if the organization has established a CISO Chief Information Security Officer (CISO) or similar position.”

About Information Security Roles and Responsibilities Made Easy

Information Security Roles and Responsibilities Made Easy contains over 70 pre-written information security job descriptions, organizational mission statements, and reporting relationships. Now in its third revision, this time-saving library contains key best practices that have been used effectively by hundreds of organizations worldwide.

In addition to time-saving documents, ISRRME provides valuable on information security staffing, outsourcing the security function, and dealing with workers in positions of trust. Information Security Roles and Responsibilities Made Easy comes in electronic download and CD-ROM format, and includes an organization-wide license to republish the material inside one organization.

ISRRME Version 3 contains:

  •     29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
  •     Over 40 information-security-related job descriptions for a wide variety of line and staff functions
  •     Expert advice on how to plan and staff the information security function, including 12 separate information security organization structures with coverage of the pros and cons of each structure.
  •     Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
  •     Information security and data privacy staffing data and analysis to help gain management support for additional resources.
  •     Specific advice on how to plan, document and execute an information security staffing infrastructure project including: documentation, project planning, review and management approval steps.
  •     Practical advice on how to maintain security when dealing with third parties, including: Pros and cons of outsourcing security functions, including validation and security when outsourcing. The security roles and responsibilities of software and hardware vendors. Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties
  •     Valuable staffing advice and descriptions for information security professionals including: Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.

The information security templates within ISRRME come in PDF and MS-Word format for easy search and customization, and include an organization-wide license to republish the material inside one organization. Organizations can sign up for the free Policy Solutions Newsletter and receive free sample job descriptions by visiting

Along with its companion book, Information Security Policies Made Easy, these guides provide the best way for organizations to rapidly and economically document their critical information security functions and to demonstrate compliance with the standard of due care.

About Information Shield

Information Shield is a global provider of information security policy and data privacy leading practices. Headquartered in Houston, Texas, Information Shield’s library of security publications allow organizations to effectively build policy-based security programs that focus on compliance with international regulations. For more information, please visit, email sales(at)informationshield(dot)com or call 1.888.641.0500.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

David Lineman
Visit website