Federal agencies face a growing number of cyber threats to their systems and data. To protect against these threats, federal law and policies emphasize that agencies take a risk-based approach to cybersecurity by effectively identifying, prioritizing, and managing their cyber risks. In addition, OMB and DHS play important roles in overseeing and supporting agencies’ cybersecurity risk management efforts.
Key practices for establishing an agency-wide cybersecurity risk management program include designating a cybersecurity risk executive, developing a risk management strategy and policies to facilitate risk-based decisions, assessing cyber risks to the agency, and establishing coordination with the agency’s enterprise risk management (ERM) program.
Publisher: Government Accountability Office (GAO)
Published: July 1, 2019
License: Public Domain