Expert Advice Community

Guest

Roles and responsibilities for infosec management

  Quote
Guest
Guest user Created:   Oct 28, 2019 Last commented:   Oct 28, 2019

Roles and responsibilities for infosec management

What I’m missing from the toolkit, are the roles and responsibilities for infosec management i.e. the A.6 organization of information security. It does not say anything about key roles and responsibilities for ISMS. And that’s what I’m after. To me, the package looks incomplete.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 28, 2019

First of all, sorry for this confusion.

Top-level information security roles and responsibilities are defined in the Information Security Policy.

Specific roles and responsibilities for information security are defined in each template, considering activities to be performed (i.e., there is no central document specifying these ones). The parts in a template where you can find roles can be identified by a text like "[jobtitle]". For example, in the Backup policy, you have "[jobtitle] is responsible to perform backup restore."

ISO 27001 does not prescribe which roles and responsibilities must be performed, so an organization is free to define the framework that best suits it (e.g, by creating new roles, or designating information security responsibilities to already existing roles.

These articles will provide you further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 28, 2019

Oct 28, 2019

Suggested Topics