Continuing the discussion on cybersecurity leaders’ concerns is Cybersecurity Governance. Governance of a cybersecurity program and related subprograms is a significant concern for cybersecurity leaders. Governance in this domain is divided into the domains of Strategy and Business Alignment, and Planning. Cybersecurity leaders will be concerned with how a cybersecurity program and related subprograms operate. This includes ensuring the program is aligned with a company’s business and technology strategies, fiscal responsibility, reporting, and ensuring there is relevant capability and resource allocation to deliver on the program’s core operating model. Within this domain, whether a company is public or privately held, cybersecurity leaders need to be concerned with reporting program efficacy and efficiency to steering committees and the board of directors. Concerns will be specific to critical infrastructure industries, markets, and verticals that not all can be accounted for here. SEC filing requirements are also a concern when working with public companies.

Anyone can use and modify this public domain document to meet their needs.

SABSA is the copyright and trademark of the SABSA Institute; all rights reserved.
TOGAF is the copyright and trademark of The Open Group; all rights reserved.