GV.RR-03:
Adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies
Implementation Examples
Ex1:
Conduct periodic management reviews to ensure that those given cybersecurity risk management responsibilities have the necessary authority
Ex2:
Identify resource allocation and investment in line with risk tolerance and response
Ex3:
Provide adequate and sufficient people, process, and technical resources to support the cybersecurity strategy