Without clear responsibilities set out in a risk management plan, the right decision makers can be left out of the conversations that need them. This phase will take you through the following activities:
- Determine the function of the risk executive.
- Determine the function of the board of directors and the IT security group.
- Build a security risk responsibilities document.
Use this phase as part of the full blueprint Establish a Security Risk Governance Structure.