Analyze workforce management.


CONTROL ID: 12844
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Human Resources management, CC ID: 00763

This Control has the following implementation support Control(s):
  • Identify root causes of staffing shortages, if any exist., CC ID: 13276
  • Analyze the ability of Human Resources to attract a competent workforce., CC ID: 13275
  • Include how risk is perceived by the workforce in the analysis of workforce management., CC ID: 12969
  • Include compensation structures in the analysis of workforce management., CC ID: 12902


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • the management and staff of the relevant business lines and support functions (i.e., the first line of defense) are accountable for, and competent in, assessing and monitoring the relevant risks and implementing the required risk management controls; and (§ 3.2.1(i), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • Analyze the existing approach to managing and enabling the workforce including compensation structures and other incentives. (OCEG GRC Capability Model, v 3.0, L3.2 Analyze Management Culture, OCEG GRC Capability Model, v 3.0)
  • current and forecast human, technical, information and financial resource levels, and human and technical resource capabilities; (§ 9.3 ¶ 2(j), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Management, with board oversight, defines the human capital needed to carry out strategy and business objectives. Understanding the needed competencies helps in establishing how various business processes should be carried out and what skills should be applied. This begins with the board of director… (Establishing and Evaluating Competence ¶ 1, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Employee training and management; (Section 4.C ¶ 1(4)(a), Insurance Data Security Model Law, NAIC MDL-668, Q4 2017)
  • Determine the institution's ability to attract and retain a competent workforce and the ability of HR management to effectively meet the requirements for IT and the lines of business that IT supports. (App A Objective 5:1, FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Personnel administration. (App A Objective 12:4 b., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. (T0390, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. (T0369, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements. (T0376, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. (T0390, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements. (T0376, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. (T0369, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Employee training and management. (Section 27-62-4(c)(4) a., Code of Alabama, Title 27, Chapter 62, Sections 1-11, Insurance Data Security Law)
  • Employee training and management; (Part VI(c)(3)(D)(i), Connecticut General Statutes, Title 38a, Chapter 697, Part VI, Section 38a-38, Insurance Data Security Law)
  • Employee training and management. (§ 8604.(c)(4) a., Delaware Code, Title 18, Chapter 86, Sections 8601-8611, Insurance Data Security Act)
  • Employee training and management; (§431:3B-202(b)(4)(A), Hawaii Revised Statute, Volume 9, Chapter 431, Article 3B, Sections 101-306, Insurance Data Security Law)
  • Employee training and management. (Sec. 17.(4)(A), Indiana Code, Title 27, Article 2, Chapter 27, Sections 1-32, Insurance Data Security)
  • Employee training and management. (507F.4 3.d.(1), Iowa Code, Title XIII, Chapter 507F, Sections 1-16, Insurance Data Security)
  • Employee training and management. (§2504.C.(4)(a), Louisiana Revised Statutes, Title 22, Chapter 21, Sections 2501-2511, Insurance Data Security)
  • Employee training and management; (§2264 3.D.(1), Maine Revised Statutes, Title 24-A, Chapter 24-B, Sections 2261-2272, Maine Insurance Data Security Act)
  • Employee training and management. (Sec. 555.(3)(d)(i), Michigan Compiled Laws, Chapter 5A Sections 550-565, Data Security)
  • employee training and management; (§ 60A.9851 Subdivision 3(4)(i), Minnesota Statutes, Chapter 60A, Sections 985 - 9857, Information Security Program)
  • Employee training and management; (§ 83-5-807 (3)(d)(i), Mississippi Code Annotated, Title 83, Chapter 5, Article 11, Sections 801 - 825, Insurance Data Security Law)
  • Employee training and management; (§ 420-P:4 III.(d)(1), New Hampshire Revised Statutes, Title XXXVIII, Chapter 420-P, Sections 1-14, Insurance Data Security Law)
  • Employee training and management; (26.1-02.2-03. 3.d.(1), North Dakota Century Code, Title 26.1, Chapter 26.1‑02.2, Sections 1-11, Insurance Data Security)
  • Employee training and management; (Section 3965.02 (C)(4)(a), Ohio Revised Code, Title 39, Chapter 3965, Sections 1-11, Cybersecurity Requirements For Insurance Companies)
  • employee training and management; (SECTION 38-99-20. (C)(4)(a), South Carolina Code of Laws, Title 38, Chapter 99, Sections 10-100, Insurance Data Security Act)
  • Employee training and management; (§ 56-2-1004 (3)(D)(i), Tennessee Code Annotated, Title 56, Chapter 2, Part 10, Sections 1-11, Insurance Data Security Law)
  • Employee training and management. (§ 601.952(2)(c)1., Wisconsin Statutes, Chapter 601, Subchapter IX, Sections 95-956, Insurance Data Security)