2nd Line of defense – information and technology risk management function

  • Establish governance and oversight
  • Set risk baselines, policies, and standards
  • Implement tools and processes
  • Monitor and call for action, as appropriate
  • Provide oversight, consultation, checks and balances, and enterprise-level policies and standards

Source:
https://chapters.theiia.org/Orange%20County/IIA%20OC%20Presentation%20Downloads/2015-08-%20Cyber%20IA.pdf