GV.RM-01.012

Does your organization update cybersecurity risk management objectives as part of annual strategic planning and when significant organizational or environmental changes occur?

Explanation

Regular updates to cybersecurity risk management objectives ensure alignment with evolving business goals and the changing threat landscape. This process should incorporate both short-term tactical objectives and long-term strategic goals, with updates triggered by annual planning cycles and significant events such as mergers, new regulations, or major security incidents. Evidence could include documented cybersecurity objectives within strategic planning documents, meeting minutes showing risk objective discussions, a risk management framework that includes review triggers, or before/after examples of how objectives were modified following organizational changes.

Implementation Example

Update near-term and long-term cybersecurity risk management objectives as part of annual strategic planning and when major changes occur.

ID: GV.RM-01.012

Context

Function: GV: GOVERN
Category: GV.RM: Risk Management Strategy
Sub-Category: Risk management objectives are established and agreed to by organizational stakeholders

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub