Shared Responsibility
Source AWS Security Day 2025
I saw some awareness posters that cyber security is a shared responsibility. No doubt each of us plays a different and important roles to protect the cyber space. But putting a slogan like this without any elaboration will be unwise. We never know who to do what and eventually no one takes accountability.
The shared responsibility must be well defined somewhere with easy access from audience. Examples are:
Senior Management supports and sponsors necessary cybersecurity resources
Technical Teams secure the digital assets throughout their life cycle
General Users follow the good practices published by reputable internal subject matter expert
The AWS model is a good example.
[ [Disclaimer: Not recommendation, critique, nor having association, affiliation with AWS.]
...