Provides a model for organizations to use when developing a leadership function to provide a comprehensive, integrated and consistent security/risk strategy to contribute to the viability and success of the organization. It is structured at a high level, although specific considerations and responses are also addressed for deliberation by individual organizations based on identifiable risk assessment and requirements, intelligence, and assumptions. This standard is a model for organizations to use when developing a leadership function to provide a omprehensive, integrated, and consistent security/risk strategy to contribute to the viability and success of the organization. This model refers to this leadership function as the senior security executive. Some organizations designate this role/function as the Chief Security Officer (CSO). The CSO designation is a concept descriptor and not necessarily a recommendation for the position title. This role/function may be a standalone position or as one that has been incorporated within an existing senior-level executive's accountability to the organization's leadership team.