In this module, we shall shift our focus to address these issues and challenges relating to people and groups. People and groups include those inside the information security function, outside but within the same company, and contractors and other third party service providers who provide services to the company. The third group may also operate inside or outside the company depending on the kind of services they provide to the company. We shall discuss how organizations in today’s business normally organize and structure their information security function to execute their roles and responsibilities. We shall also discuss the dynamics of people and groups in- and outside the organization, and their implications to information security.