Expert Advice Community


CISO role

Guest user Created:   Jul 11, 2018 Last commented:   Jul 11, 2018

My first question would be whether it is necessary to always list a job title (e.g. CISO) or whether it is sufficient to list the name of the person in charge of that task. In our company, for example, we do not have the position of a CISO yet. Is it necessary to create this position, or can we just stick to the "name, surname"?

Expert
Rhand Leal Jul 11, 2018

Answer: ISO 27001 does not require the CISO position, so you can designate any existing position in your organization to assume related information security responsibilities.

Regarding the use of name and surname, we recommend the use of the role or job title, because if the person responsible for information security changes, you will have to change all related documentation to the new name, while by using the job title, in general you will have to change only the organizational chart. It is important to note that this recommendation is also valid for other roles you may define in your Information Security Management System.

These articles will provide you with further explanation about the CISO role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/