Cybersecurity Governance

cybersecurity governance smallbusiness Aug 19, 2022

Once you have your hardware and software inventories, the next step might not be obvious. Still, before performing a risk assessment, you’ll need to establish a governance structure to report risk and regulatory, legal, and operational requirements.

This particular governance requirement is covered in the NIST CSF subcategory ID.GV-4 “governance and risk management processes address cybersecurity risk.”

As cybersecurity risk continues to escalate to the board of directors and C-suite level executives for managing cyber threats by shareholders and other stakeholders, a reporting structure needs to be in place. Regardless of your company’s size, developing and implementing a system for informing top decision-makers of cybersecurity risks will likely play an ever-more important role in your role as a cybersecurity executive.

Depending on the size of your organization, this can be accomplished in several different ways; here are two approaches:
Internal governance committees comprise cybersecurity, IT, and business area executives.
An internal or external information risk steering committee that reports the risk program’s strategic direction.

Even if your organization is small and you outsource your cybersecurity to a vendor, you still require cybersecurity governance that keeps top management informed about the risk profile.


*** FREE GUIDE ***



Author: Dr. Bill Souza | Aug 19, 2022 


Want Helpful Cyber Risk Tips Every Week?


You're safe with me. I'll never spam you or sell your contact info.