Charting Your Course: Cyber Security Governance

Charting Your Course: Cyber Security Governance

The NCSC's Charting Your Course series of documents provides organisations with practical advice on enhancing cyber security governance. The steps outlined in Charting Your Course define the principles of a cyber security programme and help to focus engagement between senior leadership and security practitioners. The series consists of the following sections:

Introduction: Cyber security governance

Every organisation’s journey toward cyber resilience will be different. The steps set out in this series provide a general direction of travel to assist you on your cyber resilience journey. 

Download Introduction [PDF, 1.5 MB]

Step One: Building a culture of cyber resilience

Organisations must develop a culture of cyber resilience. Everyone in the organisation should feel supported to make decisions that protect the confidentiality, integrity and availability of information assets.

Download Step One [PDF, 575 KB]

Step Two:  Establishing roles and responsibilities

Clearly defining an organisation’s cyber security roles and responsibilities, and establishing who is best suited to performing them, is an important step to achieving effective cyber security governance.

Download Step Two [PDF, 595 KB]

Step Three: Holistic risk management

Effective risk management is a core aspect of governance and must be embedded within an organisation's overall risk framework.

Download Step Three [PDF, 543 KB]

Step Four: Cyber security collaboration

Successfully translating a cyber security strategy and vision into action requires the wider organisation’s support.  This can be achieved by establishing a committee and a working group with representation from key stakeholders across the business.

Download Step Four [PDF, 566 KB]

Step Five: Create a cyber security programme

A cyber security programme will help ensure any investment provides the best possible improvement in cyber resilience.

Download Step Five [PDF, 573 KB]

Step Six: Measuring resilience

The effectiveness of cyber security activity should be accurately measured and reported.  Measurement and reporting provide the basis for continuous improvement.

Download Step Six [PDF, 599 KB]

Combined Document

A combined version of Charting Your Course: Cyber Security Governance containing all six steps can be downloaded at the link below.