Management is responsible for protecting all assets that are directly or indirectly under their control.
They must ensure that employees understand their obligations to protect the company’s assets, and implement security in accordance with the company policy. Finally, management is responsible for initiating corrective actions when there are security violations. Source: HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999.