3.1.2 Cyber Security Strategy
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Principle
A cyber security strategy should be defined and aligned with the Member Organization's strategic objectives, as well as with the Banking Sector's cyber security strategy.
Objective
To ensure that cyber security initiatives and projects within the Member Organization contribute to the Member Organization's strategic objectives and are aligned with the Banking Sector's cyber security strategy.
Control considerations
| 1. | The cyber security strategy should be defined, approved, maintained and executed. | |
| 2. | The cyber security strategy should be aligned with: | |
| a. | the Member Organization's overall objectives; | |
| b. | the legal and regulatory compliance requirements of the Member Organization; | |
| c. | the Banking Sector's cyber security strategy. | |
| 3. | The cyber security strategy should address: | |
| a. | the importance and benefits of cyber security for the Member Organization; | |
| b. | the anticipated future state of cyber security for the Member Organization to become and remain resilient to (emerging) cyber security threats; | |
| c. | which and when cyber security initiatives and projects should be executed to achieve the anticipated future state. | |