A CISO is appointed to provide cyber security leadership and guidance for their organisation (covering information technology and operational technology).
Topic
Providing cyber security leadership and guidance
Applicable to
all
History
Priority
must
Jun 2024
A CISO is appointed to provide cyber security leadership and guidance for their organisation (covering information technology and operational technology).
The existing control recommending CISOs be appointed to provide cyber security leadership and guidance for their organisation was amended to capture information technology and operational technology.
Oct 2020
A CISO is appointed to provide cyber security leadership and guidance for their organisation.
Security control 0714 was amended to capture a CISO’s role in providing cyber security guidance for their organisation.
Sep 2020
A CISO is appointed to provide cyber security leadership for their organisation.
Mar 2020
A CISO is appointed to provide cyber security leadership for their organisation.
The ‘outsourced gateway services’ content was amended to remove references to cloud services.
Jan 2020
A CISO is appointed to provide cyber security leadership for their organisation.
2017
Agencies must appoint a senior executive, commonly referred to as the CISO, who isresponsible for coordinating communication between security and business functions aswell as manage and understand the application of controls and security risk managementprocesses.
Control Text Changed. No public explaination.
2015
Agencies must appoint a senior executive, commonly referred to as the CISO, who isresponsible for coordinating communication between security and business functions as wellas overseeing the application of controls and security risk management processes.
2010
Agencies must appoint a person to the role of CISO or have the role undertaken by an existing person.