4 Experts Comment – Deloitte Calls For Integration Of Cybersec And ERM Functions At Federal Agencies


Expert(s): ISBuzz Staff | Informationsecuritybuzz.com »

BACKGROUND:

The Partnership for Public Service and Deloitte released a report Thursday, "How Integrating Enterprise Risk Management Can Strengthen Federal Cybersecurity," based on working sessions with ERM and cybersecurity experts in spring of this year. Excerpt:

“Participants discussed how agencies can use ERM programs and principles to enhance the effectiveness of cybersecurity initiatives, noting in particular how ERM can help evaluate cybersecurity risks with a strategic lens and bring those risks to the attention of agency leaders. This issue brief summarizes these discussions and highlights several leading practices used by agencies that work at the intersection of ERM and cybersecurity.”

EXPERTS COMMENTS

September 27, 2021

Saryu Nayyar, CEO, Gurucul

Thanks at least in part to recent ransomware attacks, cybersecurity remains at the top of the priority list for many organizations, especially in government. A recently released Deloitte Study calls for close integration of cybersecurity and enterprise risk management (ERM) functions at federal agencies.

Clearly cybersecurity, especially an analytics-based approach to cybersecurity, should be integrated with enterprise risk management in general. While risk management encompasses more than simply cybersecurity, analytics approaches assess the risks of particular activities and should be a part of the overall risk management program.

 

September 27, 2021

Heidi Brown, Privacy Associate, Aleada

It is essential for the U.S. government to prioritize cybersecurity. Such massive breaches as the SolarWinds attack must be prevented. To increase cybersecurity, it makes sense to leverage existing Enterprise Risk Management (ERM) functions to address cyber risks; this way, ERM practitioners can consider cyber risks in relation to the organization as a whole.

To accomplish this integration of ERM and cybersecurity, communication is key. Aleada strongly agrees with using common terminology to help ERM experts understand and establish cybersecurity protocols from an enterprise risk perspective, allowing both technical experts and ERM leaders to effectively communicate and plan to prevent future cyber attacks.

 

September 27, 2021

Garret F. Grajek, CEO, YouAttest

Nothing has been more in the news of late than cyber security and the attacks on all domains, especially the critical domains such as government and public infrastructure. The attacks have garnered so much attention that the federal government has mandated, via the DoD’s Cybersecurity Maturity Model Certification, that all 300,000+ defense contractors have to meet the CMMC guidelines at at least one of the five levels. The content of the CMMC is not new – it’s based on NIST 800-171, on controlling CUI (Controlled Unclassified Information). NIST 800-171 borrows much of its content from a document that has been documented by the agency since 2005, NIST 800-53, which provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security.

The best practices and procedures have thus been documented – now the agencies are being encouraged by stick and carrot to follow these guidelines.

 

September 27, 2021

Doug Britton, CEO, Haystack Solutions

We understand and agree that the scope of cyber security extends well beyond endpoint protection and network security. Taking a holistic approach to identifying organizational risks and taking steps to put protections in place is fundamental to overall security. We see the path forward is beyond another system but an urgent need for more cyber security professionals to enter the workforce. We have the tools to find them regardless of background. We need to ensure we all do our part to grow the community of cyber professionals to truly achieve critical security goals.
