GV.OV-02:
The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks
Implementation Examples
Ex1:
Review audit findings to confirm whether the existing cybersecurity strategy has ensured compliance with internal and external requirements
Ex2:
Review the performance oversight of those in cybersecurity-related roles to determine whether policy changes are necessary
Ex3:
Review strategy in light of cybersecurity incidents