Guest user Created: Jul 11, 2018 Last commented: Jul 11, 2018

CISO role

My first question would be, whether it is necessary to always list a job title (e.g. CISO) or whether it is sufficient to list the name of the person in charge for that task. In our company for example we do not have the position of a CISO yet, is it necessary to create this position or can we just stick to the "name, surname"?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 11, 2018

Answer: ISO 27001 does not require the CISO position, so you can designate any existing position in your organization to assume related information security responsibilities.

Regarding the use of name and surname, we recommend the use of role or job title, because if the person responsible for information security changes, you will have to change all related documentation to the new name, while by using the job title, in general you will have to change only the organizational chart. It is important to note that this recommendation is also valid to other roles you may define in your Information Security Management System.

These articles will provide you further explanation about CISO role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 11, 2018

Expert Advice Community

CISO role

CISO role

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

CISO role vs ISO 27001 implementer

CISO role

CISO role in ISO 27001 implementation, suppliers and other questions