Answer: ISO 27001 does not prescribe the role of CISO for the implementation of an ISMS. The standard requires the definition and assignment of responsibilities related to information security, but not to a specific role, nor its position on the organizational chart. Considering that, you can define any existing role, or create a new one, to assume the responsibilities for information security, provided it can fulfill them, but the closer its position gets to the CEO the better, because the communication of information security needs and results will be faster.
These articles will provide you further explanation about the CISO role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
Aug 08, 2018