4 Experts Comment – Deloitte Calls For Integration Of Cybersec And ERM Functions At Federal Agencies

By   ISBuzz Team
Writer , Information Security Buzz | Sep 27, 2021 12:05 am PST

BACKGROUND:

The Partnership for Public Service and Deloitte released a report Thursday How Integrating Enterprise Risk Management Can Strengthen Federal Cybersecurity, based on working sessions with ERM and cybersecurity experts in spring of this year. Excerpt: 

“Participants discussed how agencies can use ERM programs and principles to enhance the effectiveness of cybersecurity initiatives, noting in particular how ERM can help evaluate cybersecurity risks with a strategic lens and bring those risks to the attention of agency leaders. This issue brief summarizes these discussions and highlights several leading practices used by agencies that work at the intersection of ERM and cybersecurity.”

Subscribe
Notify of
guest
4 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Heidi Brown
Heidi Brown , Privacy Associate
September 27, 2021 8:21 am

<p>It is essential for the U.S. government to prioritize cybersecurity. Such massive breaches as the SolarWinds attack must be prevented. To increase cybersecurity, it makes sense to leverage existing Enterprise Risk Management (ERM) functions to address cyber risks; this way, ERM practitioners can consider cyber risks in relation to the organization as a whole.</p>
<p>To accomplish this integration of ERM and cybersecurity, communication is key. Aleada strongly agrees with using common terminology to help ERM experts understand and establish cybersecurity protocols from an enterprise risk perspective, allowing both technical experts and ERM leaders to effectively communicate and plan to prevent future cyber attacks.</p>

Last edited 2 years ago by Heidi Brown
Doug Britton
Doug Britton , CEO
September 27, 2021 8:11 am

<p>We understand and agree that the scope of cyber security extends well beyond endpoint protection and network security. Taking a holistic approach to identifying organizational risks and taking steps to put protections in place is fundamental to overall security. We see the path forward is beyond another system but an urgent need for more cyber security professionals to enter the workforce. We have the tools to find them regardless of background. We need to ensure we all do our part to grow the community of cyber professionals to truly achieve critical security goals.</p>

Last edited 2 years ago by Doug Britton
Saryu Nayyar
Saryu Nayyar , CEO
September 27, 2021 8:10 am

<p>Thanks at least in part to recent ransomware attacks, cybersecurity remains at the top of the priority list for many organizations, especially in government. A recently released Deloitte Study calls for close integration of cybersecurity and enterprise risk management (ERM) functions at federal agencies.</p>
<p>Clearly cybersecurity, especially an analytics-based approach to cybersecurity, should be integrated with enterprise risk management in general. While risk management encompasses more than simply cybersecurity, analytics approaches assess the risks of particular activities and should be a part of the overall risk management program.</p>

Last edited 2 years ago by Saryu Nayyar
Garret F. Grajek
September 27, 2021 8:09 am

<p>Nothing has been more in the news of late than cyber security and the attacks on all domains, especially the critical domains such as government and public infrastructure. The attacks have garnered so much attention that the federal government has mandated, via the DoD’s Cybersecurity Maturity Model Certification that all 300,000+ defense contractors have to meet the CMMC guidelines at least one of the five levels. The content of the CMMC is not new – it’s based on NIST 800-171, on controlling CUI (Controlled Unclassified Information). NIST 800-171 borrows much of its content from a document that has been documented by the agency since 2005, NIST 800-53, which provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security.  </p>
<p>The best practices and procedures, has thus been documented – now the agencies are being encouraged by stick and carrot to follow these guidelines.</p>

Last edited 2 years ago by Garret F. Grajek

Recent Posts

4
0
Would love your thoughts, please comment.x
()
x