Align the cybersecurity program strategy with the organization's strategic plan.


CONTROL ID
14322
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a strategic plan., CC ID: 12784

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • The establishment and ongoing development of the IT security risk management framework would normally be directed by an overarching IT security strategy and a supporting program of work. This strategy would typically be aligned with a regulated institution's IT and business strategies, as appropriat… (¶ 24, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • Each Member State shall adopt a national cybersecurity strategy that provides for the strategic objectives, the resources required to achieve those objectives, and appropriate policy and regulatory measures, with a view to achieving and maintaining a high level of cybersecurity. The national cyberse… (Article 7 1., DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive))
  • The requirements are adapted to the organization's goals, (1.1.1 Requirements (must) Bullet 1 Sub-Bullet 1, Information Security Assessment, Version 5.1)
  • You develop and pursue a positive cyber security culture. (B6.a ¶ 1, NCSC CAF guidance, 3.1)
  • CSPs will provide, either as part of their Incident Response Plan or through an Incident Response Plan Addendum, their approach to fulfilling DoD Cyberspace Defense integration requirements. CSPs will make their plan or addendum available to DISA for review and approval as a condition of its PA and … (Section 6.5.1 ¶ 1, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan. (T0445, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan. (T0445, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organizational mission is understood and informs cybersecurity risk management (GV.OC-01, The NIST Cybersecurity Framework, v2.0)
  • Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions (GV.RM-07, The NIST Cybersecurity Framework, v2.0)