ISM-1918

The CISO regularly reports directly to their organisation’s audit, risk and compliance committee (or equivalent) on cyber security matters.

Topic: Reporting on cyber security
Applicable to: Non Classified, Official, Protected, Secret, Top Secret

History

Jun 2024
The CISO regularly reports directly to their organisation’s audit, risk and compliance committee (or equivalent) on cyber security matters.
A new control was added recommending CISOs regularly report to their organisation’s audit, risk and compliance committee (or equivalent) on cyber security matters.