The organization will formally assign the responsibility for logical and physical security. [UCF ID 00770]
Supporting and supported controls
This control directly supports:
• Maintain the IT staff structure in line with strategic goals [UCF Control ID 00764]
This control has the following supporting controls:
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Information Security Pg 5; FFIEC IT Examination Handbook – Management Pg 9; FFIEC IT Examination Handbook – Operations Pg 5; CobiT 4.1 PO4.8, DS12.3; The Standard of Good Practice for Information Security SM1.1.3; ISO 17799:2000, Code of Practice for Information Security Management § 4.1.3; Payment Card Industry Self-Assessment Questionnaire B § 12.4; Payment Card Industry Self-Assessment Questionnaire C § 12.4; Payment Card Industry Self-Assessment Questionnaire D § 12.4; AICPA Suitable Trust Services Criteria ¶ 17 (2.3)
Banking and Finance Guidance
The FFIEC IT Examination Handbook – Management Pg 9 states that the organization should ensure a risk management function is assigned for measuring, monitoring, and controlling risk. The risk management function should oversee information security, continuity planning, auditing, and compliance.
Credit Card Guidance
The Payment Card Industry Self-Assessment Questionnaire D § 12.4 states that the security policy and procedures should define the information security responsibilities for all employees and contractors.
The Payment Card Industry Self-Assessment Questionnaire C § 12.4 states that the security policy and procedures should define the information security responsibilities for all employees and contractors.
The Payment Card Industry Self-Assessment Questionnaire B § 12.4 states that the security policy and procedures should define the information security responsibilities for all employees and contractors.