1. Size – Measure overall risk exposure across the organization's value chain
2. Monetize – Adopt a defensible framework for quantifying the benefits of cybersecurity investments
3. Operationalize...
In a similar way to State Governors being able to declare a "State of Emergency" to unlock resources and federal assistance, perhaps Federal CISOs should be able to declare an "InfoSec State of Emergency" to unlock some shared assets and capabilities to make the 30-day Cyber sprint a reality.
Engage agency executives to be proactively demanding requirements/expectations/priorities from cyber shops
Use FITARA governance requirements to get cyber risks built into program and budgeting evaluations up front, not afterwards
Cement the relationship between CISOs and RMOS and CDOs; not just an exclusive reporting relationship to CIOs
Response to question 7) How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an ongoing component of agency risk management practices, not just a sidebar activity?
On Aug 31, 2015, Governor McAuliffe of Virginia signed an executive directive mandating an expansion of cyber risk management activities within the VA government and agencies. Its intended goal is to improve the protection of citizens' personal information and other sensitive data and systems.
We commend...
How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just...