Software Engineering Institute

This sample artifact describes the leadership roles and responsibilities for the development, implementation, and sustainment of an enterprise security program (ESP), as identified in Article 2: Defining an Effective Enterprise Security Program, Table 1, and Article 3: Enterprise Security Governance Activities.

This artifact is not meant to stand alone — rather, it should be interpreted in the context of these articles. We hope business leaders will find it useful as an aid in building a governance-based security program.