The CISO regularly reports directly to their organisation’s executive committee or board of directors on cyber security matters.
Topic: Reporting on cyber security
Applicable to: all
History
Priority: should
Jun 2024
The CISO regularly reports directly to their organisation’s executive committee or board of directors on cyber security matters.
The existing control recommending CISOs report to their organisation’s senior executive or Board on cyber security matters was amended to specify CISOs regularly report to their organisation’s executive committee or board of directors.
Mar 2022
The CISO reports directly to their organisation’s senior executive or Board on cyber security matters.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Oct 2020
The CISO reports directly to their organisation’s senior executive and/or Board on cyber security matters.
Security control 0718 was reintroduced and amended slightly.
2010
The CISO should report to the agency head on information security issues.