Refers to the internal or external organization, group or individual(s) responsible for the overall development and implementation of security controls that protect an organization’s information systems using a centrally managed approach. Such controls may be manual or automated.