Government agencies are becoming all too familiar with cyber threats, attackers, hackers, back doors, breaches, and other vulnerabilities – but not all have implemented security controls essential for reducing cyber threats. Addressing cybersecurity threats seems daunting, time consuming, and expensive – yet with each new attack, governments lose information and citizens lose trust. Implementing security controls while maintaining mission-critical operations can be a significant challenge, but the NIST Cybersecurity Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.
- While universal and holistic in nature, how can agencies determine the best process and guidance to aid cyber readiness and risk management?
- Do agencies have a strategic identity management strategy in place?
- How should agencies secure privileged accounts, and how can they use multi-factor authentication to prevent unauthorized users from attacking critical networks?
- How can agencies shift from reactive to proactive in managing risks to systems, assets, data, and capabilities?
- What elements are important to laying that foundation and developing a response plan?