Cybersecurity Governance
Aug 19, 2022Once you have your hardware and software inventories, the next step might not be obvious. Still, before performing a risk assessment, you’ll need to establish a governance structure to report risk and regulatory, legal, and operational requirements.
This particular governance requirement is covered in the NIST CSF subcategory ID.GV-4 “governance and risk management processes address cybersecurity risk.”
As cybersecurity risk continues to escalate to the board of directors and C-suite level executives for managing cyber threats by shareholders and other stakeholders, a reporting structure needs to be in place. Regardless of your company’s size, developing and implementing a system for informing top decision-makers of cybersecurity risks will likely play an ever-more important role in your role as a cybersecurity executive.
Depending on the size of your organization, this can be accomplished in several different ways; here are two approaches:
Internal governance committees comprise cybersecurity, IT, and business area executives.
An internal or external information risk steering committee that reports the risk program’s strategic direction.
Even if your organization is small and you outsource your cybersecurity to a vendor, you still require cybersecurity governance that keeps top management informed about the risk profile.
========
*** FREE GUIDE ***
https://www.execcybered.com/asset-management
Blog: https://www.execcybered.com/blog
Training: https://www.execcybered.com/iso27001foundationcourse
Linkedin: https://www.linkedin.com/company/exceccybered/
Twitter: https://twitter.com/DrBillSouza
Instagram: https://www.instagram.com/drbillsouza/
Youtube: https://bit.ly/3BGOtPA
Author: Dr. Bill Souza | Aug 19, 2022
