This model is applicable to the private, public, andnot-for-profit sector organizations. The model provides a structureto evaluate and define the role and necessary aptitude for thesecurity/risk management function in an organization. It provides amethodology to evaluate and respond to a dynamic spectrum ofthreats to tangible and intangible assets on both a domestic andglobal basis.
This standard is a model for organizations to use whendeveloping a leadership function to provide a comprehensive,integrated, and consistent security/risk strategy to contribute tothe viability and success of the organization. This model refers tothis leadership function as the senior security executive. Someorganizations designate this role/function as the Chief SecurityOfficer (CSO). The CSO designation is a concept descriptor and notnecessarily a recommendation for the position title. Thisrole/function may be a standalone position or as one that has beenincorporated within an existing senior-level executive'saccountability to the organization's leadership team.