Action Plan Management

The Action Plan defines the process of improving Cyber Security Maturity Levels and the protection of organisational assets and sensitive information.

The objectives of Action Plan Management are, in line with priorities and risk comfort levels set in the Risk Audit, to:

  • decrease vulnerabilities in the CyberMap
  • increase protections in the CyberMap
  • achieve cyber security goals on time and on budget
  • evidence reasonable care in managing cyber security risk

To achieve its objectives, the organisation’s Action Plan Management needs to be:

  • Prioritised in line with the organisation’s mission and strategic goals
  • Cross-functional
  • Inclusive of the whole organisation and its ecosystem
  • For mid-sized organisations, managed by the Cyber Security Steering Group
  • For high risk systems, engaged with specialist expertise and tactical services providers
  • Reviewed and signed-off by the board and business leaders
  • Embedded in the organisation’s day-to-day activities.
  • Shared appropriately with any involved interconnected party such suppliers and customers.


Leave a Reply

Your email address will not be published. Required fields are marked *