PM-29

Risk Management Program Leadership Roles

Program Management (PM)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description

Appoint a Senior Accountable Official for Risk Management to align organizational information security and privacy management processes with strategic, operational, and budgetary planning processes; and establish a Risk Executive (function) to view and analyze risk from an organization-wide perspective and ensure management of risk is consistent across the organization.

Discussion

The senior accountable official for risk management leads the risk executive (function) in organization-wide risk management activities.

Implementation guidance

No content available.

CSF 2.0 crosswalk
GV.RR-01 · Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving · Govern
GV.RR-02 · Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced · Govern