Who should own the Cyber security Policy

The comprehensive Information Security policy or program should be overseen by the highest-level executive to ensure its enforceability throughout all levels of the organization. Each specific policy should be under the ownership of an executive-level individual within the relevant department or unit. For instance, the Acceptable Use Policy (AUP) should be overseen by the Legal executive, typically the General Counsel. Similarly, the Network security policy should be managed by the Chief Information Officer (CIO), although the responsibility for implementing the controls might lie with the Chief Technology Officer (CTO) or another individual accountable for Infrastructure. Frequently, the policy owner may also assume the role of the risk owner.
Comments
One response to “Who should own the Cyber security Policy”
- Good read to know on information security policy and its importance across the organization and ownership of policy at each level.