CISOs need to offload some of the work of protecting information, says Andrew Jaquith. Security managers should not push data protection responsibilities to business managers, he says. Security manager should provide oversight during implementation and day-to-day operation, ensuring policy and regulatory compliance. Data owners are responsible for determining whether business risk is too high based on existing threats, vulnerabilities, and asset value. Business users have a different focus when they come to work in the morning, like generating revenue and keeping customers happy.”]