When it comes to federal cybersecurity, risk management has been one of those buzzwords over the last few years.
The challenge is how to measure whether an agency is truly managing risk or just talking about “managing risk.”
The latest Federal Information Security Management Act (FISMA) report to Congress shed some light on that issue.
The Office of Management and Budget says 72 agencies achieved an overall rating of “managing risk,” which is up from 62 agencies in 2018 and 33 agencies in 2017.
Grant Schneider, the federal chief information security officer, said agency progress in cyber risk management is one of the biggest surprises of the annual report.
“It really shows that agencies are paying attention and doing exactly what we want them to do in cybersecurity, which is taking that risk management approach to their infrastructure and protecting things that are most critical,” Schneider said in an interview with Federal News Network. “We definitely look at the adoption of tools, and the implementation of capabilities. We have a variety of cross-agency performance goals under the President’s Management Agenda that we set for agencies and we…
