It is stated that roles and responsibilities help the organization and its employees work more efficiently by designating who is responsible for performing specific tasks. In a large organization, this will help by ensuring that no task is overlooked. In a small, less structured organization, the workload can be more evenly distributed as an employee may be required to take on multiple tasks (An Introduction to Information Security, 2017). For instance, The Security Control Assessor is an individual, group, or organization responsible for conducting a comprehensive assessment of the managerial, operational, and technical security controls and control enhancements employed within or inherited by a system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly,  operating as intended, and producing the desired outcome concerning meeting the security requirements for the system). They are responsible for assessing weaknesses or deficiencies in the system and its environment of operation. In addition, they are also responsible for recommending corrective actions to address identified vulnerabilities and preparing a security assessment report containing the results and findings from the assessments. This is one of many important roles because these tests help identify multiple weaknesses in the system; not having this role would make it easier for different data breaches to happen, which will allow for sensitive data such as classified files, social security numbers, bank account numbers, customer records, intellectual property, and financial information to be accessed by unauthorized users.

Work Cited

Nieles, M., Dempsey, K., & Pillitteri, V. Y., An introduction to information security (2017). Gaithersburg, MD; U.S. Dept. of Commerce, National Institute of Standards and Technology.