The role of IT Security in a corporation is to protect against unauthorised access which may result in data loss and manipulation. Defending assets by protecting them against system failure is also vital, along with protecting the storage of data and protecting the corporation against accidents. The role of IT Security Management is to lead, guide and shape an organisation in the area of security, whether it's physical security, network security, communications security, operational security or information security.
An IT manager will have to manage all the IT Security within a corporation within the constraints set by the corporation itself, and advise it on what is needed, what can be done and what should be done to improve IT Security with regard to corporate compliance. In addition, the role of IT Security Management in corporate compliance is to make sure that a corporation's rules, regulations, specifications, policies, laws and standards are met; these can also be met through the corporation's objectives.
Failure to meet these compliance requirements can have severe consequences. For example, the UK government lost 25 million child benefit records on 2 CDs that were sent unrecorded using the courier TNT. The corporation failed to comply with the Data Protection Act 1998, as precautions were not taken to keep the data secured. This drew criticism of the government over its protection of data and undermined its reputation in data protection.
There are many different reasons why corporations comply with laws and regulations. This might be for mandatory reasons, as stated in statutory law: a corporation which complies with the Data Protection Act is, in theory, taking precautions and following the law to keep its clients' data safe. From an ethical standpoint, this gives the client more confidence that the corporation will keep their data safe, compared to a corporation which has a track record of not complying with certain laws or regulations.
IT Security Management will only advise and guide a corporation on security issues such as vulnerability and accessibility; from there on, it's up to the corporation to take on board the constraints given by the IT Security Management team. On many occasions, securing certain hardware is not cost beneficial. Take a printer, for example: putting a lock on a printer will cost more than the likely amount of paper to be stolen.
Corporations also have policies and regulations which must be followed by their employees. Richer Sounds PLC, for example, sets out employees' dos and don'ts in its company policy, such as "never sending chain messages" - Richer Sounds PLC (http://www.richerstudentzone.co.uk/gcseweb/Unit2/2_4a.htm#agree). Additionally, prevention is a key part of the role of IT Security Management: preventing the disclosure of information to unauthorised individuals, groups or systems. Integrity is likewise a key aspect: data should not be modified unless permission is granted and the user is authorised to do it. Finally, there is availability, which links in with the point that data should be available to authorised users when they need it.