in ,

IBM’s Dan Chenok: NIST Frameworks, Guidance Could Help Agencies Manage Cyber Risks

Dan Chenok
Dan Chenok
Dan Chenok
Dan Chenok

Dan Chenok, executive director of the IBM Center for the Business of Government, wrote in a commentary published Thursday on FCW that frameworks and other resources from the National Institute of Standards and Technology provide government agencies a “strong road map” towards improving their cybersecurity posture.

Chenok cited NIST’s Cybersecurity Framework and the Risk Management Framework, which advances the implementation of continuous monitoring processes, use of automation and integration of information security into the enterprise architecture.

“In addition to the guidance contained in the Risk Management Framework, NIST has published two additional documents – NIST SP 800-39 and NIST SP 800-30 — that emphasize the need for integrated organization-wide risk management and risk assessments,” he wrote.

In addition to NIST resources, Chenok described the PRISM model in a 2018 IBM Center report and how it could help agencies manage cyber risks.

“The model helps agencies begin by prioritizing risk drivers and interdependencies, and linking cybersecurity goals to mission and operational objectives,” he said of PRISM. “The model can also assist agencies in communicating return on security investments to mitigate cyber risks.”

He also mentioned the importance of risk management and information security to public sector entities.

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Government Technology


Written by Jane Edwards

is a staff writer at Executive Mosaic, where she writes for ExecutiveBiz about IT modernization, cybersecurity, space procurement and industry leaders’ perspectives on government technology trends.

Report: SpaceX Anticipates Series N Funding to Reach $1B - top government contractors - best government contracting event
Report: SpaceX Anticipates Series N Funding to Reach $1B
SRI International
SRI International Selected to Participate in DARPA’s Semantic Forensics Research Project