SAMMY UI is optimized for resolutions with a width 1024px and higher.
Organizational Leadership Responsibility
GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving
  • Ex1:  Leaders (e.g., directors) agree on their roles and responsibilities in developing, implementing, and assessing the organization’s cybersecurity strategy
  • Ex2:  Share leaders’ expectations regarding a secure and ethical culture, especially when current events present the opportunity to highlight positive or negative examples of cybersecurity risk management
  • Ex3:  Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events
  • Ex4:  Conduct reviews to ensure adequate authority and coordination among those responsible for managing cybersecurity risk
Description

Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving