Dan Chenok, executive director of the IBM Center for the Business of Government, wrote in a commentary published Thursday on FCW that frameworks and other resources from the National Institute of Standards and Technology (NIST) give government agencies a “strong road map” toward improving their cybersecurity posture.
Chenok cited NIST's Cybersecurity Framework and its Risk Management Framework (NIST SP 800-37), the latter of which promotes continuous monitoring, the use of automation and the integration of information security into the enterprise architecture.
“In addition to the guidance contained in the Risk Management Framework, NIST has published two additional documents, NIST SP 800-39 and NIST SP 800-30, that emphasize the need for integrated organization-wide risk management and risk assessments,” he wrote.
Beyond the NIST resources, Chenok pointed to the PRISM model, introduced in a 2018 IBM Center report, and described how it could help agencies manage cyber risk.
“The model helps agencies begin by prioritizing risk drivers and interdependencies, and linking cybersecurity goals to mission and operational objectives,” he said of PRISM. “The model can also assist agencies in communicating return on security investments to mitigate cyber risks.”
Chenok also underscored the importance of risk management and information security to public sector organizations.