Assigned cybersecurity responsibilities are managed to ensure adequacy and redundancy of coverage, including succession planning
Context and Guidance: Resource planning and analysis should be conducted to determine staffing requirements for cybersecurity activities. Periodic budgeting should ensure adequate funding for those requirements. Staffing needs should include training and availability of backup personnel, at least for critical tasks. Succession planning should involve higher level managers to identify potential successors and to ensure they are mentored and trained to take roles in the future contingent on vacancies that have not yet occurred.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: WORKFORCE-3b, WORKFORCE-3c, WORKFORCE-3f.