IT departments in organizations are often expected to define a company’s information security policy. Although much of the security that needs to be added into an organization may reside in IT, all of the departments are involved in implementing the policies. Which department in an organization do you believe should be responsible for the company’s information security and why? What are some advantages and disadvantages of your choice? What tools would an information security manager need to properly implement the necessary security within an organization?