(RECOMMENDATIONS FOR C-SUITE EXECUTIVES) 1. Develop an understanding of the threats that quantum computing will pose for your ICT infrastructure in the coming years. Request a briefing within 6 months. 1. Normative reference: [NIST: Cybersecurity White Paper - Getting Ready for PQC April 2021, 10 pages ](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04282021.pdf) 2. Informative references: 1. [InfoSec Global Blog: The Time for Post-Quantum Readiness is Now, January 28, 2022](https://www.infosecglobal.com/posts/the-time-for-post-quantum-readiness-is-now) 2. Cloud Security Alliance: [[Executive Summary of Quantum-Safe Preparation]] 2. Ask one (or more) of your staff to form a team to investigate the scope of the effort that will be needed for your organization to start using standardized and new “quantum-resistant” cryptography in the coming years, and to identify which of your IM, IT and/or OT systems may need be remediated first. 1. Normative reference: CCCS: ITSAP.00.017 – [Preparing Your Organization for the Quantum Threat to Cryptography](https://www.cyber.gc.ca/en/guidance/preparing-your-organization-quantum-threat-cryptography-itsap00017) 2. Informative references: 1. World Economic Forum: [Transitioning to a Quantum-Secure Economy](https://www3.weforum.org/docs/WEF_Transitioning%20to_a_Quantum_Secure_Economy_2022.pdf) 2. PKI Consortium Post-Quantum Cryptography Conference: [Comparing Strategies for Quantum-Safe Cryptography Adoption in Organisations](https://www.youtube.com/watch?v=RbwwxZSBjyo) 3. GSMA and IBM: [The quantum clock is ticking – How quantum safe is your organization](https://www.ibm.com/downloads/documents/us-en/10a99803fcafdd23) 1. Request periodic reporting on the progress of #2 (e.g. quarterly) and decide when to advance to Phase 1 (Discovery), as described in Section 3.1 of this document. 1. Informative reference: World Economic Forum: [Is your business quantum-safe? 6 questions you should be asking]