Leadership must set a tone from the top of cybersecurity as a top priority
Compliance with cybersecurity protections is not solely a function of state agency IT or technology staff. Full compliance is a series of controls, operations, procedures, and training that apply to all employees at all levels in a department.
Audits now evaluate “Tone from the Top” set by leadership, and look at how internal controls are prioritized as part of the organization’s mission.
Secure, stable data and systems are crucial to achieving a department’s mission. Therefore, cybersecurity internal controls designed to protect data and systems must be a high organizational priority.
Action Steps
Leadership and managers are responsible for establishing a strong internal controls Tone from the Top that identifies that cybersecurity internal controls are part of the foundation of all operations and are a top organizational priority.