Cybersecurity responsibilities are assigned to specific people, at least in an ad hoc manner
Context and Guidance: Assign personnel to the cybersecurity responsibilities identified in WORKFORCE-3a. These may be full-time roles or just a small set of responsibilities given to someone whose primary role is in a different area. The main goal is to ensure that some specific person (or persons) is accountable for each of the activities needed to implement the function’s cybersecurity program.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: WORKFORCE-3b, WORKFORCE-3c, WORKFORCE-3f.