๐ผ 12 Information security roles and responsibilities are typically located in separate business areas, as well as within the IT function itself and in third parties and related parties. This can result in issues such as a lack of ownership, unclear accountabilities, ineffective oversight and fragmentation of practices with respect to information security. APRA regulated entities could address these issues by maintaining clear delineation between the responsibilities of each area and implementing compensating measures. Compensating measures could include establishing a virtual security group comprised of individuals with information security roles and responsibilities.
- Contextual name: ๐ผ 12 Information security roles and responsibilities are typically located in separate business areas, as well as within the IT function itself and in third parties and related parties. This can result in issues such as a lack of ownership, unclear accountabilities, ineffective oversight and fragmentation of practices with respect to information security. APRA regulated entities could address these issues by maintaining clear delineation between the responsibilities of each area and implementing compensating measures. Compensating measures could include establishing a virtual security group comprised of individuals with information security roles and responsibilities.
- ID:
/frameworks/apra-cpg-234/03/12 - Located in: ๐ผ 3 Roles and responsibilities - Clearly defined roles and responsibilities
Descriptionโ
Empty...
Similarโ
- Internal
- ID:
dec-c-fc16bc33
- ID:
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|