IT has to be able to help the business manage risk, ensuring that resources are used responsibly and protected against potential threats or losses.
When people hear “I deal with security” from any employee, the typical thought is that they are defending the enterprise, the web servers, the corporate email, and corporate secrets. But there is a very different security focus for those who must design security into the products that a business produces, whether that product is an appliance, a software product, or a service. These product security tasks, if they have even been identified, are often by default assigned to the corporate security teams. But doing so may not be the wisest choice, because conflicts and a lack of attention to the product security tasks can result. The first step in dealing with this problem is to understand what the two different security needs are, and why it is often best to have two separate groups fulfilling them.