GV.RR-02:

Implementation Examples

Ex1:

Leaders (e.g., directors) agree on their roles and responsibilities in developing, implementing, and assessing the organization's cybersecurity strategy

Ex2: 

Share leaders' expectations regarding a secure and ethical culture, especially when current events present the opportunity to highlight positive or negative examples of cybersecurity risk management

Ex3: 

Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events

Ex4: 

Conduct reviews to ensure adequate authority and coordination among those responsible for managing cybersecurity risk