Information Security Risk Management for ISO27001/ISO27002 by Steve Watkins, Alan Calder

CHAPTER 4: ROLES AND RESPONSIBILITIES

Risk management is a process that involves people and, while many of the people involved in this process will already have specific responsibilities inside the organisation, it is important to identify precisely the contribution they are expected to make to the risk management process.

ISO27005 recommends (clause 7.4) that ‘the organization and responsibilities for the information security risk management process should be set up and maintained’ and, in a footnote, comments that the creation of an organisation capable of carrying out a risk assessment could be regarded as ‘one of the resources required by ISO/IEC 27001.’

Senior management commitment

Without senior level management commitment it is unlikely ...