CISM - Information Security Risk Management - Section 2.5
Establish risk and control ownership to ensure accountability for residual risk.
Establish clear risk ownership and control ownership to ensure that accountability for residual risk is assigned to an individual with the authority to act on it. Distinguish between the risk owner, who accepts residual risk, and the control owner, who is responsible for the control's design and operation.
Tags: Risk ownership, Control ownership, Accountability, Residual risk
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.