Expert Advice Community

CISO role

Guest user Created: Aug 08, 2018 Last commented: Aug 08, 2018

I have a question: in the structure of the company, shall the CISO be mandatorily under the CEO, or is it fine to be also under the COO? According to ISO 27001, where is the CISO stated to be placed? We are under ISO 27001 implementation and we have this debate, and I want to understand if we are ok with that. From my perspective, if the CISO has the right budget and profile in the organisation to make things according to the standards, they can be under the COO as well.

Expert
Rhand Leal Aug 08, 2018

Answer: ISO 27001 does not prescribe the role of CISO for implementation of an ISMS. The standard requires the definition and assignment of responsibilities related to information security, but not to a specific role, nor its position on the organizational chart. Considering that, you can define any existing role, or create a new one, to assume the responsibilities for information security, provided it can fulfill them; but the closer its position gets to the CEO the better, because the communication of information security needs and results will be faster.

These articles will provide you further explanation about the CISO role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
