Bob Kolasky, CISA Assistant Director for the National Risk Management Center (NRMC), recently released a blog post on how the NRMC will lead CISA’s efforts to identify and reduce systemic cyber risk.
Mr. Kolasky outlines the importance of good cyber practices and implementations in safeguarding enterprises and organizations alike. He keys in on three main points that need attention, and that CISA, through the NRMC, will help address in the interest of national security. To that end, the NRMC is launching a Systemic Cyber Risk Reduction Venture to organize its work to reduce shared risk to the Nation's security and economic security.
We designed our platform with these capabilities in mind. RealCISO is a powerful software platform that empowers organizations with the insight needed to understand and manage cyber risk, all in just a few clicks.
Build the Underlying Architecture for Cyber Risk Analysis to Critical Infrastructure
Organizations, enterprises and the government need a hierarchical approach to, and view of, their risks. Many of the critical infrastructure sectors within the DHS definition already follow the NIST Cybersecurity Framework (CSF) v1.1; continuing to leverage an accepted and maintained standard is the ideal basis for measurement. Mr. Kolasky rightly states, “It will enable more targeted, prioritized, and strategic risk mitigation efforts and support community-wide activity around better understanding continuity of the economy resilience.”
Let RealCISO do the heavy lifting with our quick and easy guided questionnaire.
Cyber Risk Metric Development
One of the biggest hurdles with metrics is the paralysis that sets in when an organization starts trying to measure and report on risk. Too much effort is wasted on finding the perfect way to measure, and then again on how to report. Mr. Kolasky advises to “start with narrow and achievable goals, and expand from there”.
He also recognizes the issues within the current landscape of metric systems, which get “bogged down with Greek equations with decimal place-level specificity”. It is better to find the methods and metrics that provide directional guidance. Looking again at existing standards such as the NIST Cybersecurity Framework (CSF), we have the ability to assess an organization against what “good” looks like.
The areas that fall short can be identified as gaps to address within a plan or strategy. By assessing against a standard and using the gap analysis as the measure of improvement, an organization can quickly begin addressing cybersecurity risk without wasting time and resources debating which metrics system works best.
As a self-guided software platform, RealCISO assesses your current security posture and recommends vendors based on unique gaps, empowering you to take action to meet today’s evolving compliance standards and policies — all with just a few clicks. Know exactly where your security posture stands so you can take action from a place of true understanding.
Promoting Tools to Address Concentrated Sources of Cyber Risk
Risk assessment and gap analysis only take you so far. At some point, resources are needed to close those gaps beyond maturing processes or even hiring people. The vendor landscape in cybersecurity is vast and complex, and sometimes even misleading. When tools are needed, trustworthy recommendations are needed, and those recommendations must target the sources of risk that “provide heightened risk management bang for the buck if addressed.”
Through RealCISO, receive a list of carefully vetted security vendors based on your unique risk assessment, then price and buy right from one place.
RealCISO is the smarter, cost-effective way to understand and manage your cyber risk. Ready to get started? Try for free to see how you can reduce risk while freeing up your team’s time.