Information security in organizational chart
Answer:
Since your organization has a CRO (Chief Risk Officer), and I'm assuming that this means there is an organization-wide risk management process, you have two options:
- Leave the CRO in charge of information security risk management, and the CISO will provide the criteria by which information security risks will be evaluated, considering the CRO's risk management process approach.
- Leave the CISO in charge of information security risk management, and the CRO will provide the requirements the information security risk management process will have to follow to stay compliant with the organization-wide risk management process approach.
Aug 24, 2019