Stakeholders for cybersecurity program management activities are identified and involved
Context and Guidance: Stakeholders of the cybersecurity program are identified and involved in the performance of practices. This could include stakeholders from within the function, from across the organisation, or from outside the organisation, depending on how the organisation implemented the practices. Stakeholders might include project managers, business process owners, and owners of affected assets and services, as well as staff involved in cybersecurity activities. Identification of stakeholders and their appropriate involvement should be documented in some way, such as in position descriptions or team charters.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: PROGRAM-2f, PROGRAM-2j.