The objectives of Action Plan Management are, in line with priorities and risk comfort levels set in the Risk Audit, to:
- decrease vulnerabilities in the CyberMap
- increase protections in the CyberMap
- achieve cyber security goals on time and on budget
- evidence reasonable care in managing cyber security risk
To achieve its objectives, the organisation’s Action Plan Management needs to be:
- Prioritised in line with the organisation’s mission and strategic goals
- Inclusive of the whole organisation and its ecosystem
- For mid-sized organisations, managed by the Cyber Security Steering Group
- For high risk systems, engaged with specialist expertise and tactical services providers
- Reviewed and signed-off by the board and business leaders
- Embedded in the organisation’s day-to-day activities.
- Shared appropriately with any involved interconnected party such suppliers and customers.