Leadership must set a tone from the top of cybersecurity as a top priority
Compliance with cybersecurity protections is not solely a function of state agency IT or technology staff. Full compliance is a series of controls, operations, procedures, and training that apply to all employees at all levels in a department.
Audits now evaluate “Tone from the Top” set by leadership, and look at how internal controls are prioritized as part of the organization’s mission.
Secure, stable data and systems are crucial to achieving a department’s mission. Therefore, cybersecurity internal controls designed to protect data and systems must be a high organizational priority.
Action Step
- Leadership and managers are responsible for establishing a strong internal controls Tone from the Top that identifies that cybersecurity internal controls are part of the foundation of all operations and are a top organizational priority.
See our CTR Cyber page for more cybersecurity internal controls. Departments should contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.