The proper definition and assignment of information security roles and responsibilities has always been a key principle of information security governance. In fact, every major information security and data privacy regulation requires that the organization document roles and responsibilities. Real-World Challenges Despite being such a core governance requirement, in practice many organizations are still behind [...]