1. A cross-functional, C-Suite-led cybersecurity executive council oversees the following elements of risk governance and resilience, meets at least quarterly and has direct access to the board.
2. Cybersecurity responsibility is embedded across the operating model, business functions, and merger and acquisition assessments. It is incorporated into all senior executive performance goals and compensation.
3. There are consistent enterprise-wide policies and standards which are endorsed by the CEO/Board and are effectively monitored and audited.
Comments