Risk Owners

There are many stakeholders in cybersecurity, and it makes sense to outline roles and responsibilities in terms of how each role impacts cyber resiliency.

1. The board of directors
   1. February 21, 2018, SEC guidance requires board oversight in terms of cyber (https://www.sec.gov/rules/interp/2018/33-10459.pdf).
2. Chief Information Security Officer (CISO)
   1. There are two types of CISOs; a governance CISO and an Operational CISO.
3. Data Privacy Officer (DPO)
   1. General Data Protection Regulation (GDPR) requires that organizations process privacy data to have a DPO.
4. Compliance Manager or Officer
   1. This is an individual with the responsibility to ensure the company complies with its outside regulatory obligations and internal policies.
5. Auditors
   1. Auditors are responsible for developing, planning, and executing IT audit programs based on risk assessments.
6. Legal team
   1. The legal team will be involved in cyber when a breach occurs and most likely will review all external communications before they are released to the media or regulatory authorities.

========

• Blog: https://www.execcybered.com/blog
• Training: https://www.execcybered.com/iso27001foundationcourse
• Linkedin: https://www.linkedin.com/company/exceccybered/
• Twitter: https://twitter.com/DrBillSouza
• Instagram: https://www.instagram.com/drbillsouza/

Author: Dr. Bill Souza | Jul 5, 2022