Challenge
A major federal government department with a worldwide presence operated with decentralized technology and risk management governance. Internal and third-party reviews had shown it lacked strategic risk awareness and mitigation policies, and was facing some cyber hygiene issues. The organization was concerned that:
- Both senior leaders and mission stakeholders were not receiving risk and impact data
- Cyber-related policies needed updating
- Cybersecurity defenses could be improved
Solution
The department partnered with Guidehouse to identify and address its cybersecurity risk management issues. Guidehouse formed a multidisciplinary team, spanning enterprise risk management, data analytics, change management, communications, and cybersecurity. Guidehouse developed a new communications schema following National Institute of Standards and Technology organizational risk guidance, enabling technical teams to share cyber and technology risk information with key stakeholders using language and framing that made its potential impacts clear. The team also developed a custom awareness campaign outlining the importance of…
