712-50 Exam Questions

712-50 Exam - Question 74


Which business stakeholder is accountable for the integrity of a new information system?

Correct Answer: D

The board of directors is ultimately accountable for the integrity of a new information system. They hold the highest level of authority within an organization and are responsible for ensuring that appropriate governance, risk management, and control measures are in place to protect the integrity, confidentiality, and availability of the organization's information systems. While roles like the Compliance Officer, CISO, and Project Manager have important operational responsibilities, it is the board of directors that carries the ultimate accountability for the overall governance and integrity of the information systems in the business.

Discussion

2 comments
Kentish, Option: B
Apr 3, 2023

I would have thought the system owner would be accountable; the CISO's role is to advise the business owner, but the business owners are accountable for taking the action to protect the system, and it is their choice to release it.

johndoe69, Option: B
Jun 2, 2024

The business stakeholder accountable for the integrity of a new information system is typically the Chief Information Security Officer (CISO). The CISO is responsible for ensuring that the information security measures, including controls and processes, are adequately implemented to protect the integrity, confidentiality, and availability of the system. This includes overseeing the development, implementation, and maintenance of security policies and procedures, conducting risk assessments, and ensuring compliance with relevant standards and regulations. According to NIST Special Publication 800-53, the CISO plays a crucial role in managing the security and privacy controls for information systems and ensuring these controls are effective throughout the system development life cycle. The CISO's responsibilities encompass the establishment and maintenance of an organization's overall security posture, which directly includes the integrity of new information systems.