7. Executive Leadership-led Risk Management

How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just a side-bar activity?

Improved Visibility, Cost Savings Can Boost Exec Risk Management

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting, ...more »

0 votes
Public Input

Money Doesn't Grow On Trees - Focus Your Spend

Federal executives continue to grapple with how best to allocate funds in addressing prevalent and emerging cyber threats. Federal agencies can empower executives in the fight against cyber crime by taking three calculated actions:

1. Size – Measure overall risk exposure across the organization's value chain
2. Monetize – Adopt a defensible framework for quantifying the benefits of cybersecurity investments
3. Operationalize ...more »

15 votes
Public Input

Agency CISOs declare InfoSec "State of Emergency"

In a similar way to State Governors being able to declare a "State of Emergency" to unlock resources and federal assistance, perhaps Federal CISOs should be able to declare an "InfoSec State of Emergency" to unlock some shared assets and capabilities to make the 30-day Cyber Sprint a reality.

1 vote
Public Input

CISOs, CROs, CDOs (SuperSIG)

Cement the relationship between CISOs, RMOs and CDOs, not just an exclusive reporting relationship to CIOs.

1 vote
Public Input

Executive Leadership and Risk Management

Response to question 7) How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an ongoing component of agency risk management practices, not just a sidebar activity?

1 vote
Public Input

NEWS FLASH America--CEOs & Sr Ldrs get FIRED over breaches

As enterprises strive to gain value by leveraging technology, the risk associated with digital business is increasing. Isolated approaches to information security, business continuity and incident response are a thing of the past; today, the urgency of providing continuously available services for customers and business partners in the digital economy requires enterprises to become resilient. A resilient enterprise protects ...more »

2 votes
Public Input

Ensure the Success of Cyber Risk Management Initiatives

What government organizations need to do to ensure the success of their nascent cyber risk management initiatives. On Aug 31, 2015 Governor McAuliffe of Virginia signed an executive directive mandating an expansion of cyber risk management activities within the VA government and agencies. Its intended goal is to improve the protection of citizens' personal information and other sensitive data and systems. We commend ...more »

1 vote
Public Input

Supported ITAPS recommendations, part 2

Provide for the escalation of risk-based decisions through senior leadership if critical security recommendations are rejected by owners of business lines or applications, ensuring critical security decisions are not made in isolation. For example, decisions to keep critical systems available while overriding security recommendations should no longer be routinely deferred exclusively to network, system, or application ...more »

2 votes
Public Input

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just ...more »

1 vote
Public Input

Independent Organizational Assessment

Organizations in government tend to be overly optimistic about their capabilities and performance, reference OPM's epic failure. Cyber security is too important to be left to self-assessments. An organization should be externally assessed and rated by unbiased and competent evaluators. Risk is only one aspect of management performance. Governance, culture and technical competence are but three key facets that determine ...more »

3 votes
Public Input