Although security leaders head up the security function, they also report to a business leader such as the CIO or CEO. In general, top business leaders are responsible for “owning” information risks as part of enterprise risk management, overseeing the operations of security leadership, and set...