Establishing command and control gives the power to professionals so they can properly assess the risks and determine which threats pose the greatest danger and must be considered a high security priority. Authority also requires that they identify potential threats that may be considered “acceptable risks” to the organization – meaning they are worth keeping an eye on, but don’t warrant a significant security investment.
For a long time, security was its own entity in the IT infrastructure. Security and IT didn’t always see eye to eye, and there were often points of contention. Nowadays, as collaboration between the two has become more common, both IT and security are combining forces to better understand the risks and threats to the enterprise.