Question

Our heroes are our first line of defense.

A paragraph on this please?

Answer 1

ANSWER :

A hero is someone who helps people, saves people lives, and risks their lives for someone else's life. A hero can also be someone brave, cares for someone, loves someone. Example: Like Superman, Spiderman, the Incredible.

Answer 2

${\huge{\boxed{\sf{\green{Answer}}}}}$

While the three lines of defense covering assurance, governance, risk, compliance, information security and cybersecurity functions can all be working in one way or another on information security and governance, one can examine the objectives, roles and activities of these functions to explore ways to optimize outputs. Optimized outputs means the combined outputs of the various parties working on information security are maximized, which allows resources to be better deployed with increased productivity by reducing duplication.

Roles and Responsibilities of Various Functions

Organizations aim to achieve their objectives while managing risk within their risk appetites. A good governance structure for managing risk is to establish three lines of defense. Briefly, the first line of defense is the function that owns and manages risk. Within the first line of defense, businesses can set up control functions (e.g., IT control, which reports to the IT department) to facilitate the management of risk. The second line of defense is the independent control function (e.g., IT risk, IT compliance) that oversees risk and monitors the first-line-of-defense controls. It can challenge the effectiveness of controls and management of risk across the organization. The third line of defense is internal audit, which provides independent assurance. Figure 1 provides examples of the functions under the three lines of defense.

Various business functions aim to ensure organizations are managing risk within their risk appetites. In particular, IT governance provides the consistency, processes, standards and repeatability needed for effective IT operations while monitoring the budget and compliance with regulatory and/ or organization requirements. IT risk management must function as part of the enterprise risk management framework and address various types of risk and the challenges and opportunities the risk presents. It helps focus IT governance, security and privacy investments in the areas most critical to the achievement of organizational objectives. Information security aims to protect data and information systems from inappropriate access, manipulation, modification and destruction, thus ensuring systems/data confidentiality, integrity and availability. Cybersecurity, which includes technology, processes, policies and people, focuses on using business drivers to guide security activities while ensuring that cybersecurity risk factors are included in the organization’s risk management processes.1

The assurance function is internal audit, whose mission can be defined to enhance and protect organizational value by providing risk-based and objective assurance to evaluate the effectiveness of governance, risk management and control processes.