Our goal isn’t just to secure an application, or a physical system, or the network layer. Really our goal is to secure the entire stack. And that’s where our focus is. The below diagram gives you an example of how the various elements of the OSI stack are being delegated (held responsible) by the specialist teams.
The main thing to note: the job of the ‘Security Team’ is to stretch across the entire stack like a cross functional business unit to have visibility, to a certain degree control, and input into the various layers.
Developers/programmers and application architects.
Network engineers and network architects.
Security guards, and facilities personnel.
In charge of all the layers to some degree.