Cyber Security Roles and Responsibilities RACI Matrix EXAMPLE

Uploaded by

jixiv96424

Cyber security roles and responsibilities RACI matrix (EXAMPLE)

Read 'Agreeing roles and responsibilities' for guidance on how to complete this matrix.

Project Details

Government organisation or arm's-length body:

Project name:

Project Senior Risk Owner (SRO):

Document Control

Document classification:

Completed by:

Version number:

Last updated on:

Matrix Key

R (Responsible): Team members making a direct contribution toward the completion of a task.

A (Accountable): The individual (typically one, but can be two where there's shared ownership) with final authority over the successful completion of a task.

C (Consulted): Subject matter experts providing input on the task and advising how it may impact other activities.

I (Informed): People kept up-to-date on the progress and outcome of an activity who do not need to give input on the work.

Secure by Design Activities - Details of the recommended tasks and outputs required to meet the Secure by Design Principles.

| Secure by Design Activities | Delivery Manager | Product Manager | Service Owner | Business Analysts | User Researchers | Technical Architects | Frontend Software Developers | Development operations (DevOps) engineer | Chief Technology Officer (CTO) | Programme or Project Managers | Senior Responsible Owner (SRO) | Head of Cyber Security or Chief Information Security Officer (CISO) | Security Adviser (SA) | Security Architects | Technical Security Assurance Experts | Security Risk Managers |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Considering security within the business case | - | R | A | R | - | - | - | - | C | - | A | - | - | - | - | - |
| Identifying security resources | R | R | A | C | - | C | C | C | C | R | A | - | - | C | - | - |
| Agreeing roles and responsibilities | R | R | A | C | C | C | C | C | - | R | A | - | - | C | C | C |
| Tracking Secure by Design progress | R | C | A | C | C | C | C | C | C | R | A | - | - | C | C | C |
| Working out the project's security risk appetite | I | R | C | - | - | - | - | - | - | I | A | - | - | - | - | - |
| Managing third-party product security risks | I | C | A | I | - | C | C | C | C | I | A | C | C | R | C | R |
| Understanding cyber security obligations | I | R | A | R | - | C | I | I | C | I | A | - | C | C | - | C |
| Understanding business objectives and user needs | I | R | A | R | R | C | I | I | I | I | A | - | - | C | - | C |
| Documenting service assets | I | C | A | R | - | R | C | - | - | I | A | - | - | R | - | R |
| Assessing the importance of service assets | I | C | A | R | - | C | - | C | I | I | A | - | - | - | - | C |
| Sourcing a threat assessment | I | R | C | - | - | R | - | - | I | I | A | - | - | R | - | R |
| Performing threat modelling | I | I | A | - | - | R | C | C | C | I | A | I | I | R | C | R |
| Performing a security risk assessment | I | I | A | - | - | C | C | C | C | I | A | I | I | R | C | R |
| Agreeing a security controls set for your service | I | I | A | C | - | I | C | C | I | I | A | C | C | R | C | R |
| Responding to and mitigating security risks | I | C | A | - | - | C | C | R | I | I | A | I | I | R | C | R |
| Assessing the effectiveness of security controls | I | C | A | I | - | C | R | R | I | I | A | I | I | R | C | C |
| Implementing a vulnerability management process | I | I | A | - | - | I | C | R | C | I | A | C | I | R | C | C |
| Discovering vulnerabilities | I | I | A | - | - | C | C | R | C | I | A | I | - | C | I | - |
| Managing observability | I | I | A | - | - | C | C | R | C | I | A | C | - | R | - | C |
| Evaluating the security impact of changes | R | C | A | I | - | C | C | R | I | R | A | I | I | C | C | C |
| Retiring service components securely | I | A | A | R | - | C | C | R | C | I | A | C | C | C | C | C |