SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Role of CISO

  Quote
Guest
Guest user Created:   Feb 08, 2022 Last commented:   Feb 10, 2022

Role of CISO

Is CISO responsible for physical data/information on paper as well as the digital information?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 08, 2022

ISO 27001 does not prescribe the role of CISO but is generally accepted that as Chief Information Security Officer this person should be responsible for data and information protection regardless of the media it is.

These articles will provide you with further explanation about CISO:

Quote
0 1
Max Feb 08, 2022

It would be interesting to also address the role of the DPO and the intersection with CISO, as private information is also information a CISO might want to protect, but he or she is most likely going to have to reckon with the DPO ;-)

Quote
0 0
Expert
Rhand Leal Feb 10, 2022

Please note that considering ISO 27001, if private information is part of the Information Security Management System scope, the CISO will have to protect it anyway. The fact that the organization may need to be compliant with some legal requirements related to private information (e.g., EU GDPR) will only mean that there are additional requirements to be considered by the CISO for the protection of this kind of information.

In cases where all private information handled by the organization is part of the ISMS scope, the CISO may also be designated as the DPO.

In such scenarios, you may want to consider the use of ISO 27701 which defines requirements for a Privacy Information Security Management System. 

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 08, 2022

Feb 10, 2022

Suggested Topics