Expert Advice Community

Guest

HR as asset and risk owner of SA

  Quote
Guest
Guest user Created:   Sep 16, 2022 Last commented:   Sep 19, 2022

HR as asset and risk owner of SA

Could you elaborate a little bit more on this one?

How HR is asset and risk owner of SA, and the threat is social engineering.
https://i.imgur.com/Cb67z0y.png

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 16, 2022

Please note that the System Administrator role is performed by a person, so it is logical that this “asset” should be owned by the head of an area that is responsible for managing human resources, the HR manager.

Regarding risk ownership, please note that since the identified vulnerability is related to knowledge and/or awareness, the HR area is the one that can properly treat this vulnerability (by means of training and awareness activities) and reduce the risk.

As for social engineering, this hacking technique aims at people that can be easily deceived to give information or execute insecure activities, like those with an inadequate level of knowledge and /or awareness of information security practices.  

For further information about asset and risk ownership, please read:

Quote
0 1
Guest
Albert Sep 19, 2022

Clear explanation!

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 16, 2022

Sep 19, 2022