There should be an entity designated as “owner” of every system.
This owner is the policy maker for all aspects of risk management with respect to the system, and exerts the ultimate authority for controlling the system.

| | |
|---|---|
| namespace | SABSA |
| stereotype | RiskAttribute |
| softMetric | Soft Independent audit and review against Security Architecture Capability Maturity Model of the ownership arrangements and of the management processes by which owners should fulfil their responsibilities, and of their diligence in so doing. |