Leadership
Leadership is the decision layer of cybersecurity.
Definition
Leadership sets direction, accountability, risk tolerance, investment, and governance for the cybersecurity program.
Common leadership families
| Family | Examples |
|---|---|
| Strategy | Mission, objectives, operating model, principles |
| Governance | Committees, roles, ownership, decision rights |
| Risk | Risk appetite, risk register, exceptions |
| Investment | Budget, staffing, tooling, prioritization |
| Reporting | Board reporting, executive metrics, program scorecards |
| Culture | Awareness, behavior, accountability, security champions |
| Roadmap | Program plan, milestones, targets, dependencies |
Page pattern
A leadership article should explain the decision, owner, evidence, tradeoff, and communication path.