GV.RM-01.014

Have senior leaders established and agreed upon measurable cybersecurity objectives that are used to manage risk and evaluate performance?

Explanation

This question concerns leadership alignment on security: whether senior leaders have set and agreed on measurable cybersecurity objectives that steer risk decisions and gauge performance. Agreement among senior leaders on cybersecurity objectives ensures consistent prioritization, resource allocation, and accountability throughout the organization. These objectives should be specific enough to measure the progress and effectiveness of the security program.

Evidence could include board meeting minutes discussing cybersecurity objectives, a formal document outlining agreed-upon security metrics and KPIs, executive dashboards showing security performance against objectives, or risk management frameworks that incorporate these objectives into decision-making processes.

Implementation Example

Senior leaders agree about cybersecurity objectives and use them for measuring and managing risk and performance.

ID: GV.RM-01.014

Context

Function: GV: GOVERN
Category: GV.RM: Risk Management Strategy
Sub-Category: Risk management objectives are established and agreed to by organizational stakeholders
