CISO Goals
CISO Goals are the top-level strategic objectives for your security program. They represent board-level commitments, regulatory mandates, or organizational security priorities that the CISO is accountable for delivering. Each CISO Goal can cascade into one or more Team Goals, creating a traceable chain from strategic intent to team-level execution.
CISO Goals integrate with Strategy (strategic alignment), Project Management (project linkage), Policy Lifecycle (related policies), Control Framework (related controls), and Maturity Assessment (capability assessments). Goals cascade to Team Goals.
Managing CISO Goals
Navigate to Objectives & Outcomes > CISO Goals to view all CISO-level goals. The list view uses an editable table where you can update fields inline without opening each record. A stats bar at the top shows the count of goals in each status for quick reference.
Filtering and search
Use the Search and Filter Bar above the table to narrow the list. Available filters include:
- Status — Filter by one or more goal statuses (Not Started, In Progress, On Track, At Risk, Completed, Cancelled)
- Strategy — Filter by the linked strategy to see which goals support a specific strategic plan
- Owner — Filter by the assigned goal owner
Combine filters to answer questions like “Which goals owned by the VP of Security Operations are currently At Risk?”
Inline editing
Click any editable cell in the table to update it directly. Changes are saved automatically. This is the fastest way to update statuses, adjust dates, or reassign owners across multiple goals without leaving the list view.
Creating a CISO Goal
Open the creation form
Click New CISO Goal or navigate to Objectives & Outcomes > CISO Goals > New. The creation form opens with all required and optional fields.
Provide goal details
Fill in the following fields:
| Field | Description | Required |
|---|---|---|
| Goal Name | A concise title for the objective (e.g., “Achieve SOC 2 Type II certification”) | Yes |
| Description | Detailed explanation of the goal, success criteria, and context. Uses the Lexical rich-text editor for formatted content including headings, lists, and links. | No |
| Category | A classification label for grouping related goals | No |
| Start Date | When work on this goal begins | No |
| Target Date | The deadline for achieving the goal | No |
| Period Type | The planning cadence — Annual, Quarterly, Monthly, or Custom | No |
| Period Label | A human-readable label for the period (e.g., “Q3 2025”, “FY2025”) | No |
| Owner | The user accountable for this goal | No |
Link to a strategy
Select a Strategy to align this goal with a strategic plan from the Security Direction module. Strategy linking ensures that every CISO Goal maps back to a documented strategic initiative, providing traceability for board and audit reporting.
Save the goal
Click Save to create the goal. It will appear in the CISO Goals list with a default status of Not Started.
Description editor
The description field uses the Lexical rich-text editor, which supports formatted text, bulleted and numbered lists, headings, and inline links. Use the description to capture detailed success criteria, background context, or references to external documents. Click the expand icon on any goal in the list view to open the description in a dialog for easier reading and editing.
Status lifecycle
CISO Goals move through the following statuses as work progresses:
| Status | When to use |
|---|---|
| Not Started | Goal has been defined but no work has begun |
| In Progress | Active work is underway toward the goal |
| On Track | Work is progressing and the goal is expected to be achieved by the target date |
| At Risk | Progress has stalled, blockers have emerged, or the target date is in jeopardy |
| Completed | The goal has been fully achieved |
| Cancelled | The goal has been withdrawn and will not be pursued |
Update the status from the list view (inline editing) or from the goal detail page.
Linking related records
CISO Goals can be linked to records across the platform to establish cross-module traceability. From the goal detail page, you can associate:
- Policies — Link related policies from the Policy Lifecycle module to show which policies support this objective
- Controls — Link controls from the Control Framework to demonstrate how the goal is operationalized
- Projects — Link projects from Execution Tracking to connect strategic goals to tactical delivery
- Maturity Capability Assessments — Link maturity assessments to tie goals to capability improvement targets
These relationships are stored as reference IDs and are visible on the goal detail page, providing a complete picture of how the goal connects to the broader security program.
Cascading to Team Goals
Each CISO Goal can be broken down into one or more Team Goals. Navigate to Team Goals and select the parent CISO Goal when creating a new team goal. The Team Goals list view also supports filtering by parent CISO Goal using the ?cisoGoalId= URL parameter, so you can quickly see all team-level work supporting a specific strategic objective.
Archiving and deleting
Goals that are no longer relevant can be archived to remove them from the active list while retaining them for historical reference. If a goal was created in error, you can delete it permanently. Both actions are available from the goal detail page or through bulk actions in the list view.
Permissions
Managing CISO Goals requires the goals:manage permission. Users with this permission can create, edit, archive, and delete CISO Goals. Users with goals:read can view goals and their linked records but cannot make changes.