Back to M1.1.3 - P1 - ROLES AND RESPONSIBILITIES FOR INFORMATION SECURITY
The roles of the “Information Security Manager” and the “Information Security Committee” are important contributors to successful information security and have therefore been defined as sub-controls. When implementing these sub-controls, keep in mind that the roles themselves must be addressed, but the entity may choose the names of these roles and the way in which they are implemented.
The Information Security Committee should have a leading role for information security in the entity and should be responsible for handling the important information security issues. The members of the Information Security Committee should have a sufficient understanding of information security to direct, monitor, and complete the necessary tasks. Typical tasks of an Information Security Committee could be:
- A. Defining and establishing roles and responsibilities for information security
- B. Monitoring the adequacy of resources to maintain and improve information security in the entity, and recommending to management the acquisition of additional resources where necessary
- C. Providing input into the development, approval and implementation of information security policies and procedures