Read HSTRisk: Finding the Right Path with the Cyber Risk Management Cheshire Cat in Homeland Security Today
The bad news is that, given the current state of risk management in the cybersecurity industry, and the short time frame set by the EO, “that simply wasn’t going to happen – at least not in any sort of consistent and defensible manner,” in Jack’s opinion.
“If the government wants to ensure that cybersecurity strategy and planning are prioritized consistently and based on apples-to-apples cost-benefit analyses,” Jack writes, “it must adopt a standard cyber risk measurement model and method” like the FAIR model that powers the RiskLens platform, as a complement to NIST CSF assessments. Get the rest of Jack’s thinking on government cybersecurity at Homeland Security Today.
Read Jack's eBook: An Executive's Guide to Cyber Risk Economics