Cybersecurity threats are an ever-present organizational risk on par with economic, legal, operational, financial, and political risks. They increasingly affect state assets. Managing these risks, and the threats from which they stem, must be part of a state’s overall risk management portfolio. To do this, state leaders must have effective cybersecurity governance.
Cybersecurity governance is the processes by which decisions are made about cybersecurity risk. Effective cybersecurity governance provides the mix of control and influence necessary and appropriate for a state, and includes mechanisms for mitigating and responding to risk.
While every state has implemented cybersecurity programs, few have cybersecurity governance that effectively ensures that a state’s risk is managed to a level and in ways that have been determined to be, through formalized governance processes, acceptable to the governor and legislature. An effective cybersecurity governance framework answers important questions such as: