The objectives of the Action Plan are, in line with priorities set in the Risk Audit, to:
● decrease vulnerabilities in the CyberMap
● increase protections in the CyberMap
● achieve cyber security goals on time and on budget
● evidence reasonable care in managing cyber security risk.
To achieve its objectives, the Action Plan needs to be:
● Prioritised in line with the organisation’s goals
● Inclusive of the whole organisation and its ecosystem
● Assessed for the engagement of specialist expertise and tactical services providers, particularly for critical systems
● Reviewed and signed-off by the board/organisational leader
● Shared appropriately with any involved interconnected party such suppliers and customers.