Summary
There is a lot to the Govern function. First, we learned that we must ensure that our cybersecurity program conveys the right message to those in the ELT and that we align our program with those initiatives. We must review the company’s mission and vision statements, along with its business objectives, so that we know what those objectives are. Once they are understood, we can align our program with them.
We also learned that we need to build KPIs or metrics around how the program is running. These will highlight what’s working and which areas need improvement. Share them with the ELT or the executive sponsor of your committees so that they know how well the program is running.
Creating charters with associated RACI charts is important so that people understand what’s expected of them. These charters are then used to guide the various programs that will need to be developed to support your overall cybersecurity program...