OM-5.5.4
Boards should receive comprehensive reports, in every Board meeting, covering cyber security issues such as the following:
a. Key Risk Indicators/ Key Performance Indicators;
b. Status reports on overall cyber security control maturity levels;
c. Status of staff Information Security awareness;
d. Updates on latest internal or relevant external cyber security incidents; and
e. Results from penetration testing exercises.
Amended: July 2021
Added: January 2020
Added: January 2020