Risk management responsibilities
During this section, we are going to cover the people responsible for risk management in organizations; however, we should always remember that everyone in an organization should be responsible for the risk they pose to it by becoming security-aware and not being idle to threats that the organization faces daily.
Regarding the people responsible for risk management, first and foremost is the CISO, who is in charge of risk mitigations by providing solutions to problems the organization will face or is facing at any moment. Furthermore, the CISO has to be in control and protect the organization from all threats that are stacked against it. The CISO chooses to identify the risk model and what analytical approaches should be used in risk assessment. Also, the CISO will be the one to communicate the risk assessment results to the board along with the solutions that will minimize that risk. Some organizations may not have a CISO position, but this can...