
ACT-IAC: Where government and industry leaders collaborate.


Managing Cybersecurity Risk in Government

 

 

Abstract

The increased use of technologies such as social media, the Internet of Things, mobility, and cloud computing by government agencies has extended the sources of potential cyber risk faced by those agencies. As a result, cyber is increasingly being viewed as a key component in enterprise risk management (ERM) frameworks. At the same time, agency managers encounter the challenge of implementing cyber risk management by selecting from a complex array of security controls that reflect a variety of technical, operational, and managerial perspectives.

In this report, the authors address current and potential future organizational cybersecurity and risk management needs by creating a decision model that allows agencies to tailor approaches for particular cyber challenges. The authors review existing risk management frameworks in use across government and analyze steps that agencies can take to understand and respond to those risks in a manner consistent with existing law and policy. They put this work together to develop an implementation model based on taking five steps to improve cybersecurity outcomes: Prioritize, Resource, Implement, Standardize, and Monitor (the PRISM model).

Document Date: Jul 19, 2018

Author (organization): IBM Center for the Business of Government

Document type: Report

Interests: Cybersecurity, Technology Management