Cyber Roles and Responsibilities
Information security risk management is an important part of security governance and is the responsibility of the board of directors.
Risk management is a management responsibility, and there are many key roles that need to be addressed:
- Board of Directors
  - Cyber security governance needs strategic direction as well as commitment, resources, and the assignment of responsibilities.
  - The board needs to be aware of the Information Assets and how critical they are to business operations. This is achieved through periodic reviews.
- Executive Management
  - The policy set forth by senior management must have leadership and ongoing support from executive management to succeed.
- Governing boards and senior management – ultimate responsibility
- Chief information officer – IT planning, budgeting and performance
- Information security manager – security programs for their organization
- System and information owners – ensuring controls are in place
- Business and functional managers – IT procurement and business management
- IT security practitioners – implementation of controls
- Security awareness trainers – reaching the employees