IT Security ≠ Pigeonholed
It's easy for organizations to put IT Security into its own pigeonhole. Hey, it's classic business 101. Everyone has their own lane, right? Things are changing though and shared responsibility in some areas are essential. IT Security is one of those. Of course, that's assuming organizations even have an IT Security initiative (many do not). Pigeonholing is bad and it will cost you big bucks in the long term. IT Security is everyone's responsibility and it's vital to instill a culture that has a high level of security awareness and reporting.
So if you're one of those C-levels or Managers who thinks IT Security is responsible for everything security related you really need to give it a second thought. While the IT Security team has a very important role to play they can't do it without the cooperation of everyone else. The gap in responsibility -must- be bridged. Everyone from Legal, Finance (Accounting), PR and HR must know how to protect information by taking proactive steps to secure business sensitive information and practices.
Encourage your divisions to work directly with your IT Security team by attending meetings, participate in training sessions and incident response scenarios. At the least each division must understand the basics of IT Security as any one group can inadvertently create a breach.
As always, I have your best interests at heart. If you stay informed you'll be ahead of the curve.
All my best,