Expert Advice Community

Asset owner and risk owner - how exactly are the two differentiated?

DejanK Created:   Jan 12, 2016 Last commented:   Nov 18, 2021

I've received this question:
"Regarding the “asset owner” and “risk owner” when it comes to people. How exactly are the two differentiated? For example – a Network Administrator. Would the asset owner be “self” and risk owner be “department manager”?"
Answer: I assume you are asking a question related to people as assets in terms of ISO 27001. For Network Administrator, the asset owner would be his direct boss - e.g. the Head of IT department; risk owners should be people who can resolve particular risks - e.g.:
- risk of performing wrong activities because of non-existing rules - risk owner could be Head of IT department
- risk of performing wrong activities because of lack of training - risk owner could be Head of HR department
This article can also help you: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
