Expert Advice Community

Guest

Information security in organizational chart

  Quote
Guest
Guest user Created:   Aug 24, 2019 Last commented:   Aug 24, 2019

Information security in organizational chart

The book is useful and applicable. But in our organization we have CRO and CISO. Information security risk management must be in CRO or CISO organization ? It is big problem for us.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 24, 2019

Answer:

Since your organization has a CRO (Chief Risk Officer), and I'm assuming that by that there is an organizational-wide risk management process, you have two options:
- Leave CRO in charge of the Information security risk management, and the CISO will provide the criteria by which information security risks will be evaluated considering the CRO risk management process approach.

- Leave CISO in charge of the Information security risk management, and the CRO will provide the requirements the information security risk management process will have to follow to stay compliant with the organizational-wide risk management process approach.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 24, 2019

Aug 24, 2019

Suggested Topics