Versions

 

OM-5.5.11

The senior management must ensure that:

(a) The licensee has identified clear internal ownership and classification for all information assets and data;
(b) The licensee has maintained an inventory of the information assets and data which is reviewed and updated regularly;
(c) The cyber security staff are adequate to manage the licensee’s cyber security risks and facilitate the performance and continuous improvement of all relevant cyber security controls;
(d) It provides and requires cyber security staff to attend regular cyber security update and training sessions (for example Security+, CEH, CISSP, CISA, CISM) to stay abreast of changing cyber security threats and countermeasures.
Added: July 2021