Full Answer Section

The security objectives of an organization can originate from a number of different places. These include:

• Regulatory requirements: Organizations may be required to comply with certain security regulations, such as the General Data Protection Regulation (GDPR) or the Payment Card Industry Data Security Standard (PCI DSS).
• Business requirements: Organizations may have security objectives that are specific to their business needs. For example, a financial institution may have a security objective to protect customer financial data.
• Risk assessments: Organizations should conduct regular risk assessments to identify and assess the risks to their systems and data. These risks can then be used to develop security objectives that are appropriate for the organization.

The people who are engaged in security come from a variety of different backgrounds. These include:

• Security professionals: Security professionals are responsible for designing, implementing, and managing security controls. They may have a variety of different technical skills, such as networking, systems administration, and programming.
• Business leaders: Business leaders are responsible for setting the security objectives for their organization. They need to understand the security risks that their organization faces and ensure that the organization has the resources it needs to protect its systems and data.
• Employees: All employees play a role in security. They need to be aware of security risks and best practices and take steps to protect their systems and data.

The reasons why people are engaged in security vary. Some people are motivated by a desire to protect their organization’s systems and data. Others are motivated by a desire to prevent crime or protect people’s privacy. Still others are motivated by a desire to challenge themselves and learn new things.

No matter what their reasons, the people who are engaged in security play an important role in protecting our systems and data.