Cyber risk management is vital for protecting the nation’s data assets from cyber adversaries. Yet the Government Accountability Office uncovered security gaps in risk management as the agency analyzed the effectiveness of the 2023 National Cybersecurity Strategy.
GAO has pointed out the need for robust guidance to assist federal agencies in evaluating, prioritizing and mitigating cybersecurity risks. This guidance should facilitate coordinated efforts with key players, including state and local governments, the private sector and international allies. The GAO’s report emphasizes the barriers these agencies encounter when enacting cybersecurity risk management processes, such as recruiting and retaining skilled staff, handling multiple priorities concurrently and standardizing cyber capabilities across various platforms and systems.
Furthermore, there is a pressing call for federal agencies to refine their cyber risk evaluation methods. The existing system predominantly relies on the Common Vulnerability Scoring System (CVSS), which assesses the criticality of security vulnerabilities within software…
