RM-3.1.10

Entire section

Custom print

Link

Text Only

Rich Text

Print

Location:

The senior management must be responsible for the following activities:

(a) Create the overall cyber security risk management framework and adequately oversee its implementation;

(b) Formulate an organisation-wide cyber security strategy and cyber security policy;

(c) Implement and consistently maintain an integrated, organisation-wide, cyber security risk management framework, and ensure sufficient resource allocation;

(d) Monitor the effectiveness of the implementation of cyber security risk management practices and coordinate cyber security activities with internal and external risk management entities;

(e) Ensure that internal management reporting caters to cyber threats and cyber security risk treatment;

(f) Prepare quarterly or more frequent reports on all cyber incidents (internal and external) and their implications on the licensee; and

(g) Ensure that processes for identifying the cyber security risk levels across the licensee are in place and annually evaluated.

Added: January 2022