Editor’s Note: For more information about the importance of cyber secrity being cost-effective, see CircleID here and CRE presentation to the EU-US High Level Regulatory Cooperation Forum here.
From: FCW
By Dan Chenok, John Lainhart
Engaging leaders in protecting an organization’s cyber, IT and information assets is a critical starting point to effective security. A next logical step for any government or commercial organization is to leverage risk management and analytics to implement a mission-based security program.
As organizations move forward, guidance from the National Institute of Standards and Technology and evolving capabilities in industry are merging to define a path forward for agencies to follow.
Information security and risk management are essential for all public-sector organizations because they depend on information and IT systems to make informed, critical decisions and successfully carry out their missions. And those IT systems and information resources are subject to almost constant threats that can have significant and wide-ranging impacts on operations, compromising the confidentiality, integrity or availability of information for an agency.
Given the significant and growing danger of these threats, leaders must understand their responsibilities for achieving sound information security and for managing IT-related security risks. As we’ve discussed previously, the Obama administration’s Cybersecurity Framework provides a broad road map for government and commercial organizations to get started on this effort. Although the process is complex, several resources allow agencies to enhance such understanding in a public-sector context.
Leave a Reply