In a centrally managed organization, both policy and IT infrastructure are managed from a centralized program typically under a CIO as a shared service to the rest of the organization. The shared service environment typically provides most of the IT services for the entire organization. Subsidiary organizations may provide specialized IT functions specific to their missions. In this type of an environment, your information security program will:

• Interface with the shared services organization to secure enterprise shared services through enterprise policies
• Work with business users throughout the organization and IT to understand mission and information protection requirements
• Work within the individual organizational units to understand if there are specialized IT requirements that need to be addressed:
  • For example, manufacturing will have different IT requirements than HR, and thus will have specialized security requirements: