There is no one "right" way to place your IT security department. In most companies, there are several "levels" to your security policy. Your corporate security department is responsible for your company's general security policy. This is broad in scope and should provide guidance for what your corporate standards are, but will rarely go into technical detail. For example, it may contain things like your backup/retention policy, policies about handling of customer data and privacy, appropriate use policies, etc.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.