GV.RR-01.034

Does leadership actively communicate expectations for a secure and ethical culture, particularly leveraging current events as teaching opportunities?

Explanation

This question assesses whether organizational leaders visibly promote security values by connecting them to real-world examples. When leaders discuss security incidents in the news or highlight team members demonstrating good security practices, it reinforces that security is a priority and helps employees understand practical applications of security policies. Evidence could include internal communications (emails, newsletters, town hall recordings) where leadership discusses security incidents or ethical dilemmas from current events, explaining how the organization's values and security practices relate to these situations.

Implementation Example

Share leaders' expectations regarding a secure and ethical culture, especially when current events present the opportunity to highlight positive or negative examples of cybersecurity risk management.

ID: GV.RR-01.034

Context

Function: GV: GOVERN
Category: GV.RR: Roles, Responsibilities, and Authorities
Sub-Category: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub