RM-9.1.4
Senior management, and where appropriate, the boards, should receive comprehensive reports, covering cyber security issues such as the following:
a. Key Risk Indicators/ Key Performance Indicators;
b. Status reports on overall cyber security control maturity levels;
c. Status of staff Information Security awareness;
d. Updates on latest internal or relevant external cyber security incidents; and
e. Results from penetration testing exercises.
Amended: January 2022
Added: October 2019
Added: October 2019