CHAPTER 4: ROLES AND RESPONSIBILITIES
Risk management is a process that involves people and, while many of the people involved in this process will already have specific responsibilities inside the organisation, it is important to identify precisely the contribution they are expected to make to the risk management process.
ISO27005 recommends (clause 7.4) that ‘the organization and responsibilities for the information security risk management process should be set up and maintained’ and, in a footnote, comments that the creation of an organisation capable of carrying out a risk assessment could be regarded as ‘one of the resources required by ISO/IEC 27001.’
Senior management commitment
Without senior level management commitment it is unlikely ...
Get Information Security Risk Management for ISO27001/ISO27002 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.