Difference between revisions of "Talk:Industry:Project Review/NIST SP 800-37r1 FPD Appendix D"
Earlier revision: Dan Philpott (talk | contribs) (Added footnotes section.)
Later revision edit summary: (→D.2 RISK EXECUTIVE (FUNCTION))
Change: the later revision adds a comment under the section "D.2 RISK EXECUTIVE (FUNCTION)", between that heading and "D.3 CHIEF INFORMATION OFFICER"; the full text of the later revision follows.
Revision as of 11:42, 20 December 2009
APPENDIX D
ROLES AND RESPONSIBILITIES
KEY PARTICIPANTS IN THE RISK MANAGEMENT PROCESS
D.1 HEAD OF AGENCY (CHIEF EXECUTIVE OFFICER)
D.2 RISK EXECUTIVE (FUNCTION)
It seems that so far, no one role is specifically required or has the objective to define one or more organizational methods for risk calculation. From personal experience, it is too easy to ignore one risk set in deference to another because of professional unfamiliarity with the first. An objective risk calculation toolset defined by organizational management provides a framework for first identifying risk, then prioritizing the addressing of risks.