GV.RM-01.014

Have senior leaders established and agreed upon measurable cybersecurity objectives that are used to manage risk and evaluate performance?

Explanation

This question assesses whether the organization's leadership has a unified approach to cybersecurity with clear, measurable objectives that drive risk management decisions and performance evaluation. When senior leaders agree on cybersecurity objectives, it ensures consistent prioritization, resource allocation, and accountability throughout the organization. These objectives should be specific enough to measure progress and effectiveness of the security program. Evidence could include board meeting minutes discussing cybersecurity objectives, a formal document outlining agreed-upon security metrics and KPIs, executive dashboards showing security performance against objectives, or risk management frameworks that incorporate these objectives into decision-making processes.

Implementation Example

Senior leaders agree about cybersecurity objectives and use them for measuring and managing risk and performance

ID: GV.RM-01.014

Context

Function: GV: GOVERN
Category: GV.RM: Risk Management Strategy
Sub-Category: Risk management objectives are established and agreed to by organizational stakeholders

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub