CIOs and technology leaders just starting to build formal cybersecurity and privacy oversight controls will struggle to keep up with the speed and scope the business expects from their program. In this situation, process standardization and formal decision structures will lay the foundation for a sound oversight model that addresses business need. This report — the first of three in the oversight competency of the cybersecurity and privacy playbook — helps CIOs address the challenges of the beginning phase of cybersecurity and privacy oversight.