PDS NIST Cybersecurity Framework RACI

This document is a responsibility assignment (RACI) matrix for PDS that assigns Responsible, Accountable, Consult and Inform participation to organisational roles for each category of the five NIST Cybersecurity Framework functions: Identify, Protect, Detect, Respond and Recover. In summary: the Director of Information Security is accountable for Asset Management, for every Protect and Detect category and for Response Planning, and is otherwise the responsible party for most Identify, Respond and Recover categories; the Director of IT is the responsible party in nearly every category of all five functions; the Chief Financial Officer is accountable for Business Environment, Governance, Risk Assessment and Risk Management Strategy; the Director of Communications is accountable for Response Communications; the Strategic Committee is accountable for Response Analysis, Mitigation and Improvements and for all three Recover categories; the Board of Directors, the remaining directors, business process owners, staff and third-party management are consulted or informed.

  • Identify Accountability Matrix: accountability assignments for the 'Identify' function (Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy).
  • Protect Accountability Matrix: accountability assignments for the 'Protect' function (Access Control, Awareness & Training, Data Security, Information Protection Processes, Maintenance, Protective Technology).
  • Detect Accountability Matrix: accountability assignments for the 'Detect' function (Anomalies & Events, Security Continuous Monitoring, Detection Processes).
  • Respond Accountability Matrix: accountability assignments for the 'Respond' function (Response Planning, Communications, Analysis, Mitigation, Improvements).
  • Recover Accountability Matrix: accountability assignments for the 'Recover' function (Recovery Planning, Improvements, Communications).

PDS ‐ NIST Cybersecurity Framework ‐ Accountability

Responsibility Assignment Matrix

Responsible (The Doers) ‐ Those who do the work to achieve the task. There is at least one role with a participation type of Responsible.
Accountable (The Buck Stops Here) ‐ The one ultimately answerable for correctness and thoroughness of the completed task; exactly one role per task.
Consult ‐ Those whose opinions are sought, typically subject matter experts. Two‐way communication.
Inform ‐ Those kept up to date on progress, with whom there is one‐way communication.
A blank cell means the role has no part in that category.

Identify

Columns, in order: Asset Management (ID.AM), Business Environment (ID.BE), Governance (ID.GV), Risk Assessment (ID.RA), Risk Management Strategy (ID.RM)
Board of Directors Inform Consult Consult Consult
Strategic Committee Inform Consult Inform Consult
Chief Financial Officer Consult Accountable Accountable Accountable Accountable
Director Legal Services Consult Consult Consult Consult Consult
Director Information Security Accountable Responsible Responsible Responsible Responsible
Director IT Responsible Responsible Responsible Responsible Responsible
Director Operations Consult Consult Consult Consult Consult
Director Human Resources Consult Consult Consult Consult Consult
Director Communications Consult Consult Consult Consult
Director Customer Service Consult Consult Consult Consult
Business Process Owners Consult Consult Consult Consult Consult
Employees/Staff Inform Inform Inform
Third Party Management Consult Inform Consult Inform

Protect

Columns, in order: Access Control (PR.AC), Awareness & Training (PR.AT), Data Security (PR.DS), Information Protection Processes (PR.IP), Maintenance (PR.MA), Protective Technology (PR.PT)
Board of Directors Inform
Strategic Committee Consult Inform Inform Inform Inform
Chief Financial Officer Consult Consult Consult Consult Inform Inform
Director Legal Services Consult Consult Consult Consult
Director Information Security Accountable Accountable Accountable Accountable Accountable Accountable
Director IT Responsible Responsible Responsible Responsible Responsible Responsible
Director Operations Consult Responsible Consult Consult Consult
Director Human Resources Responsible Responsible Consult Consult
Director Communications Inform Responsible Consult
Director Customer Service Consult Responsible Consult Consult
Business Process Owners Consult Responsible Responsible Responsible Consult Inform
Employees/Staff Inform Inform Inform Inform
Third Party Management Inform Inform Inform

Detect

Columns, in order: Anomalies & Events (DE.AE), Security Continuous Monitoring (DE.CM), Detection Processes (DE.DP)
Board of Directors
Strategic Committee
Chief Financial Officer Consult Consult Consult
Director Legal Services Inform Inform Consult
Director Information Security Accountable Accountable Accountable
Director IT Responsible Responsible Responsible
Director Operations Consult Consult Consult
Director Human Resources Consult Consult Consult
Director Communications Consult
Director Customer Service Consult
Business Process Owners Consult Consult Consult
Employees/Staff Consult Consult Inform
Third Party Management

Respond

Columns, in order: Response Planning (RS.RP), Communications (RS.CO), Analysis (RS.AN), Mitigation (RS.MI), Improvements (RS.IM)
Board of Directors Consult Consult Inform Inform Consult
Strategic Committee Consult Consult Accountable Accountable Accountable
Chief Financial Officer Consult Consult Consult Consult Consult
Director Legal Services Consult Responsible Consult Responsible Consult
Director Information Security Accountable Consult Responsible Responsible Responsible
Director IT Responsible Consult Responsible Responsible Responsible
Director Operations Consult Consult Consult Consult Consult
Director Human Resources Consult Responsible Consult Responsible Responsible
Director Communications Consult Accountable Consult Responsible Responsible
Director Customer Service Consult Responsible Consult Responsible Responsible
Business Process Owners Consult Consult Consult Consult Consult
Employees/Staff Inform Inform Inform Inform Inform
Third Party Management Inform Inform Inform Inform Inform

Recover

Columns, in order: Recovery Planning (RC.RP), Improvements (RC.IM), Communications (RC.CO)
Board of Directors Consult Consult Consult
Strategic Committee Accountable Accountable Accountable
Chief Financial Officer Responsible Consult Consult
Director Legal Services Responsible Consult Consult
Director Information Security Responsible Responsible Consult
Director IT Responsible Responsible Consult
Director Operations Consult Consult Consult
Director Human Resources Consult Consult Responsible
Director Communications Responsible Responsible Responsible
Director Customer Service Consult Responsible Responsible
Business Process Owners Consult Consult Consult
Employees/Staff Inform Inform Inform
Third Party Management Inform Inform Inform
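The legend at the top of the matrix states the two invariants a RACI table has to satisfy: at least one Responsible role per task and a single Accountable role. The Python script below is an added illustration, not part of the PDS document: it transcribes the Respond table (every row of which is complete, so each cell can be placed in its column without ambiguity), checks both invariants and the allowed cell values, and then runs the same check against a constructed, deliberately broken copy of the table. The role and column names are those of the matrix; the function names and the broken copy are this example's own.

```python
# RACI consistency check over a responsibility assignment matrix (added example).
# Rules from the matrix legend: every activity has exactly one Accountable role
# and at least one Responsible role; every filled cell is one of R/A/C/I.

VALID = {"Responsible", "Accountable", "Consult", "Inform"}

# Column codes of the Respond function, in the order they appear in the matrix.
RESPOND = ("RS.RP", "RS.CO", "RS.AN", "RS.MI", "RS.IM")

# Respond table transcribed from the matrix above; None would mean a blank cell.
RESPOND_MATRIX = {
    "Board of Directors":            ("Consult", "Consult", "Inform", "Inform", "Consult"),
    "Strategic Committee":           ("Consult", "Consult", "Accountable", "Accountable", "Accountable"),
    "Chief Financial Officer":       ("Consult",) * 5,
    "Director Legal Services":       ("Consult", "Responsible", "Consult", "Responsible", "Consult"),
    "Director Information Security": ("Accountable", "Consult", "Responsible", "Responsible", "Responsible"),
    "Director IT":                   ("Responsible", "Consult", "Responsible", "Responsible", "Responsible"),
    "Director Operations":           ("Consult",) * 5,
    "Director Human Resources":      ("Consult", "Responsible", "Consult", "Responsible", "Responsible"),
    "Director Communications":       ("Consult", "Accountable", "Consult", "Responsible", "Responsible"),
    "Director Customer Service":     ("Consult", "Responsible", "Consult", "Responsible", "Responsible"),
    "Business Process Owners":       ("Consult",) * 5,
    "Employees/Staff":               ("Inform",) * 5,
    "Third Party Management":        ("Inform",) * 5,
}


def check_raci(matrix, columns):
    """Return a list of violations; an empty list means the matrix is consistent.

    matrix maps role -> tuple of cells aligned with `columns` (None = blank cell).
    """
    problems = []
    for role, cells in matrix.items():
        if len(cells) != len(columns):
            problems.append(f"{role}: {len(cells)} cells for {len(columns)} columns")
    for i, col in enumerate(columns):
        accountable = [r for r, c in matrix.items() if len(c) > i and c[i] == "Accountable"]
        responsible = [r for r, c in matrix.items() if len(c) > i and c[i] == "Responsible"]
        unknown = [r for r, c in matrix.items()
                   if len(c) > i and c[i] is not None and c[i] not in VALID]
        if len(accountable) != 1:
            problems.append(f"{col}: expected exactly one Accountable, found "
                            f"{len(accountable)} ({', '.join(accountable) or 'none'})")
        if not responsible:
            problems.append(f"{col}: no Responsible role")
        for r in unknown:
            problems.append(f"{col}: {r} has unrecognised participation {matrix[r][i]!r}")
    return problems


def accountable_for(matrix, columns, col):
    """The 'buck stops here' lookup: which role(s) are Accountable for one column."""
    i = columns.index(col)
    return [r for r, c in matrix.items() if c[i] == "Accountable"]


# Constructed counterexample (not from the PDS matrix): a second Accountable role
# for RS.CO, and nobody left Responsible for RS.AN.
BROKEN = dict(RESPOND_MATRIX)
BROKEN["Director Legal Services"] = ("Consult", "Accountable", "Consult", "Responsible", "Consult")
for _role in ("Director Information Security", "Director IT"):
    _cells = list(BROKEN[_role])
    _cells[2] = "Consult"
    BROKEN[_role] = tuple(_cells)

if __name__ == "__main__":
    print("Respond matrix:", check_raci(RESPOND_MATRIX, RESPOND) or "consistent")
    for problem in check_raci(BROKEN, RESPOND):
        print("broken copy:", problem)
```

The same function can be pointed at the other four functions of the matrix once their rows have been transcribed; rows in the Identify and Protect tables that carry fewer entries than there are columns must have their blank cells placed first, since the check positions cells by column index.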
