The cybersecurity program strategy and priorities are documented and aligned with the organisation’s mission, strategic objectives, and risk to critical infrastructure
Context and Guidance: The cybersecurity program strategy is developed as part of the organisation’s strategic business planning and specifically addresses the actions, activities, and tasks that must be performed to support achievement of the organisation’s strategic objectives and to manage risks to critical infrastructure within the organisation’s risk tolerances and appetite.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: PROGRAM-1a, PROGRAM-1b, PROGRAM-1c, PROGRAM-1d, PROGRAM-1e, PROGRAM-1f, PROGRAM-1g, PROGRAM-1h.