Executive management sets the tone for cybersecurity management within the organization. The level of visible
involvement and the inclusion of information risk management in key business activities and decisions indicate to
other managers the level of importance that they are also expected to apply to risk management for activities within
their organizations.