Cybersecurity responsibilities and job requirements are reviewed and updated periodically and according to defined triggers, such as system changes and changes to organisational structure
Context and Guidance: Responsibilities and requirements for a job should be reviewed and updated on a predetermined basis, using one or more triggers such as time elapsed, personnel changes, and process changes. Those triggers ensure that the responsibilities and requirements of the role adapt to changes in organisational risk, organisational processes, or the threat landscape. Keeping job responsibilities and requirements up-to-date helps ensure that personnel have a clear understanding of the roles they play in the cybersecurity of the organisation.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: WORKFORCE-3a, WORKFORCE-3d, WORKFORCE-3e.