Without clear responsibilities set out in a risk management plan, the right decision makers can be left out of the conversations that they are needed for. This phase will take you through the following activities:

  • Determine the function of the risk executive.
  • Determine the function of the board of directors and IT security group.
  • Build a security risk responsibilities document.
  • Define the organizational risk tolerance level.

Use this phase as part of the full blueprint, Combine Information Security Risk Management Components Into One Program.

Also In

Combine Security Risk Management Components Into One Program

With great risk management comes a great security program.

Related Content

Hide Details

Search Code: 88021
Published: March 22, 2019
Last Revised: March 22, 2019

Tags:

risk tolerance, risk governance, security risk management, risk structure, Board of Directors, cyber security, cyber risk

Social

Get Access

Get Instant Access
To unlock the full content, please fill out our simple form and receive instant access.