💼 4 Roles and responsibilities - Sufficient and timely information

Contextual name: 💼 4 Roles and responsibilities - Sufficient and timely information
ID: /frameworks/apra-cpg-234/04
Located in: 💼 APRA CPG 234

Description

Empty...

Section	Sub Sections	Internal Rules	Policies	Flags
💼 13 The Board, governing bodies and individuals would typically define their information requirements (e.g. schedule, format, scope and content) to ensure they are provided with sufficient and timely information to effectively discharge their information security roles and responsibilities. Reporting to governing bodies would normally be supported by defined escalation paths and thresholds. An APRA-regulated entity could benefit from implementing processes for periodic review of audience relevance and fitness for use.
💼 14 In APRA’s view, effective information security reporting normally incorporates both quantitative and qualitative content. For non-technical audiences, technical information and metrics would be supplemented with appropriate thematic analysis and commentary on business implications. Attachment H illustrates various information security reporting and metrics that governing bodies and individuals could find useful regarding information security.