Fairfax, VA, Sept. 24, 2020 (GLOBE NEWSWIRE) -- For many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.
Cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.
There is a simple but profound difference between looking at cyber risks in light of and not considering an organization’s mission. It is only by assessing cybersecurity risks to the mission that senior leaders can determine if their security controls are adequate, data defense specialists say.
Most organizations say they perform some form of ERM, but in practice, many examine trends in cyber threat activity or the implementation of specific cybersecurity best practices as proxy measures of organizational cyber risk posture. In other cases, data integrity and security must be translated for C-suite executives or board members so they can assess the potential impact on mission performance, the cyber specialists point out.
Risks to mission accomplishment are the heart of the matter. An organization must identify mission risks arising from cyber sources so they can be included in the ERM effort, they recommend.
Experts suggest four steps for the ERM to identify cyber risks: prioritize the organization’s critical missions; identify cyber dependencies; identify cyber-related risks; and identify potential means to actualize the risk.
Senior managers and an organization’s directors should expect two inputs from the management of an organization regarding cyber risk. The first is addressing cyber risks in the context of the organization’s ERM effort; the second is the status of implementation of a basic cyber hygiene program.
Members of the AFCEA International Cyber Committee examined these issues and offer organizations—both government and industry—ways not only to begin an ERM process but also to benefit from the management technique. The explanation is available online.
Maryann Lawlor AFCEA International (703) 631-6179 email@example.com