Organizational context (GV.OC)
Organizational context is meant to align yourself and your cyber program with business objectives. Does the program fall in or out of the core business objectives? How are risks identified and communicated to key stakeholders? Maybe your business also requires that you follow other frameworks or regulatory requirements. How will that affect your program?
GC.OC-01
Chances are your organization has a mission and vision statement, but do you know what they are? Mission and vision statements are meant to help drive the purpose of the company. They are also meant to be public-facing so that their customers, even shareholders, can understand and know what the company strives for.
A mission statement is a short statement that mentions why the company is in business and how it defines its goals and values. These statements do not have to be very long; in fact, some...
