RM-9.1.4
Senior management, and where appropriate, the board should receive comprehensive reports covering cyber security issues such as the following:
a. Key Risk Indicators/ Key Performance Indicators;
b. Status reports on overall cyber security control maturity levels;
c. Status of staff Information Security awareness;
d. Updates on latest internal or relevant external cyber security incidents; and
e. Results from penetration testing exercises.
Amended: January 2022
Added: April 2019
Added: April 2019