Risk OwnersJul 05, 2022
There are many stakeholders in cybersecurity, and it makes sense to outline roles and responsibilities in terms of how each role impacts cyber resiliency.
- The board of directors
- February 21, 2018, SEC guidance requires board oversight in terms of cyber (https://www.sec.gov/rules/interp/2018/33-10459.pdf).
- Chief Information Security Officer (CISO)
- There are two types of CISOs; a governance CISO and an Operational CISO.
- Data Privacy Officer (DPO)
- General Data Protection Regulation (GDPR) requires that organizations process privacy data to have a DPO.
- Compliance Manager or Officer
- This is an individual with the responsibility to ensure the company complies with its outside regulatory obligations and internal policies.
- Auditors are responsible for developing, planning, and executing IT audit programs based on risk assessments.
- Legal team
- The legal team will be involved in cyber when a breach occurs and most likely will review all external communications before they are released to the media or regulatory authorities.
- Blog: https://www.execcybered.com/blog
- Training: https://www.execcybered.com/iso27001foundationcourse
- Linkedin: https://www.linkedin.com/company/exceccybered/
- Twitter: https://twitter.com/DrBillSouza
- Instagram: https://www.instagram.com/drbillsouza/
Author: Dr. Bill Souza | Jul 5, 2022