If you are responsible for some information or processes, you are responsible for their security from end to end.
Being responsible for something does not mean that you have to do everything. You can delegate tasks and subprocesses to providers, even critical ones, but you cannot delegate your responsibility.
Continue reading “In cybersecurity, you cannot delegate your responsibility”