Navigate the transformation map
CISO Level 3 activities
10 matching Level 3 activities
| Level 3 name | Change required - short description | Recommended C-suite owner | Recommended operational owner | Parent Level 2 | Parent Level 1 | T-shirt size |
|---|---|---|---|---|---|---|
| Automated policy checks | Enforce runtime constraints on agent actions | CISO (with CCO) | Policy Enforcement Platform Owner | Policy enforcement | Governance | M |
| Policy-as-code | Codify policies and operating procedures | CISO (with CCO) | GRC Engineering Lead / Policy-as-Code Product Owner | Policy enforcement | Governance | L |
| Incident response and crisis playbooks | Add agent-specific incident response playbooks | CISO (with COO) | Security Operations Lead + AI Incident Response Lead | Risk management | Governance | S |
| DevSecOps control gates in CI/CD | Add agent behaviour gates to CI/CD | CISO (with CIO) | Head of DevSecOps / Secure SDLC | Architecture | Technology | M |
| Permissions and access model (RBAC / ABAC) | Extend access controls to agent identities | CISO | IAM Product Owner / Head of IAM | Architecture | Technology | L |
| Runtime action ring-fencing and safety wrappers | Ring-fence runtime actions with safety wrappers | CISO (with CIO) | Head of AI Platform Engineering (Policy Enforcement Layer) | Architecture | Technology | M |
| Infrastructure security and access controls | Secure agent identities, secrets and tool access | CISO | Head of Identity and Security Engineering | Infrastructure | Technology | L |
| Audit logging and traceability | Capture full action traces across systems | CCO (with CISO) | Head of Auditability / Logging Platform (GRC + Security Logging) | Controls | Governance | M |
| Control gating and approvals in CI/CD | Gate releases by risk tier and evidence | CRO (with CISO) | Secure Release Governance Lead | SDLC and pipelines | Process & tooling | M |
| Data accessibility and entitlements | Implement task-scoped data entitlements for agents | CDO (with CISO) | Data Access Governance Lead (Entitlements) | Data readiness | Technology | L |