A high-level statement that describes the desired future state of the organization’s cybersecurity.
A concise statement that defines the purpose and scope of the organization’s cybersecurity efforts.
Broad statements that describe what the organization wants to achieve in terms of cybersecurity.
Specific, measurable, achievable, relevant, and time-bound statements that support the goals and indicate how they will be accomplished.
Concrete tasks or activities that need to be performed to achieve the objectives.
Quantitative or qualitative indicators that measure the performance and impact of the actions.
A clear definition of who is accountable and responsible for each action, as well as who needs to be consulted or informed.
A realistic schedule that shows when each action will start and end, as well as any dependencies or milestones.
An estimate of the costs and benefits associated with each action, as well as the sources and allocation of funding.
A list of potential issues or barriers that could affect the implementation or success of the cyber roadmap, as well as mitigation strategies or contingency plans.