A new model for cyber risk management
What: “Managing Cybersecurity Risk in Government: An Implementation Model,” a report from the IBM Center for The Business of Government
Why: Although federal agencies are required to comply with the National Institute of Standards and Technology’s Risk Management Framework and Cybersecurity Framework, they still must develop their own approaches to managing cybersecurity risk. A single model for risk assessment, mitigation and monitoring lets agencies tailor their practices to particular cyber challenges while creating an opportunity to harmonize those practices across agencies.
Findings: To improve agencies’ cyber risk management, this report proposes a five-step decision matrix called PRISM, for Prioritize, Resource, Implement, Standardize and Monitor. The cybersecurity evaluation model will help cyber decision-makers create tailored approaches to risk management and better communicate the impact of investments in security resources on reducing targeted cyber risks.