Roles and responsibilities for infosec management
First of all, sorry for this confusion.
Top-level information security roles and responsibilities are defined in the Information Security Policy.
Specific roles and responsibilities for information security are defined in each template, considering the activities to be performed (i.e., there is no central document specifying them). The parts of a template where you can find roles can be identified by text like "[jobtitle]". For example, in the Backup policy, you have "[jobtitle] is responsible to perform backup restore."
ISO 27001 does not prescribe which roles and responsibilities must be performed, so an organization is free to define the framework that best suits it (e.g., by creating new roles, or by designating information security responsibilities to already existing roles).
These articles will provide you with further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
Oct 28, 2019