A culture of cybersecurity is when there is top down support for cybersecurity, it is ingrained in and fully integrated all aspects of the mission, and all employees have a mindset of security in everything they do.
This approach enables you to replace fear and doubt with data and information. It also allows you to provide insights into your organization’s risk posture, keeps your boss from going fetal, and lets you live to fight another day– which is the main thing.
The Office of Management and Budget released in July a long-awaited update to their guidance to agencies on steps they should take to manage – not avoid — expected and unexpected risks to their operations
Do self confident, optimistic leaders ask this question often enough, at the right time? Risk experts Doug Webster and Tom Stanton think not. Writing in a new report for the IBM Center for The Business of Government, they observe: “The front pages of national newspapers constantly report on actions by private companies, federal leaders, or… Read more »
The Office of Federal Student Aid put in place the first formalized risk management framework in the federal government, starting its efforts in 2004. What does it look like? How did they do it? One former federal leader, Todd Grams, observes that agencies that ignore risk are actually creating risk. Not surprisingly, there has been… Read more »
