Organizational Roles & Responsibilities

In an organization, the most important area for management is the division of roles and responsibilities. The organization's structure, in turn, is the base on which any organization is developed. The structure of an organization is a chain of hierarchy that divides the different roles and responsibilities among the individuals associated with the organization. In this part of the tutorial we take a look at organizational roles and responsibilities.

The following figure, based on the ISO 27000 standard, defines the overall structure of the organization:

[Figure: organizational structure according to ISO 27000]
  • Board of Directors: A board of directors is an elected group of individuals who represent the shareholders. The board is a governing body that typically meets at regular intervals to set policies for corporate management and oversight. Every public company must have a board of directors; some private and nonprofit organizations also have one.
  • Executive Directors: An executive director is the senior operating officer or manager of an organization or corporation, usually at a non-profit. Their duties are similar to those of the chief executive officer (CEO) of a for-profit company. The executive director is responsible for strategic planning, working with the board of directors, and operating within a budget.
  • Chief Security Officer (CSO): The CSO is the executive responsible for the organization's entire security posture, both physical and cyber, and holds the big-picture view of the company's operational risk.
  • Information Security Management (ISM): Information security management describes the set of policies and procedural controls that IT and business organizations implement to secure their information assets against threats and vulnerabilities.
  • Information Asset Owners: These are the persons responsible for the protection of information assets. They are held accountable for this security by the Security Committee or the local Security Committee.
  • End-users: The responsibilities of end-users are as follows:
  1. Reporting any suspicious activity and security violations to the appropriate personnel
  2. Complying with all security requirements and policies of the organization
  3. Taking moral responsibility for the organization's information assets
  4. Participating in information security training
  5. Complying with contractual requirements