Data breaches have progressed from low-probability, high-consequence events to high-probability, high-consequence events. This shift requires that senior executives become more involved to help reduce financial impact and protect their companies’ reputation and brand.
Cybersecurity frameworks like NIST, HITRUST, PCI DSS, COBIT, and OSI provide the structure to facilitate senior executive participation. However, the technical perspective, sophistication, and complexity of these frameworks can lead to silos of cybersecurity management. Cross-functional accountability is required for effective corporate cybersecurity management.
A Responsibility Assignment Matrix within a cybersecurity framework can visually and effectively illustrate cross-functional ownership of the corporate cybersecurity plan. Ownership of the creation and maintenance of the corporate security plan should remain with either the security or IT department. Many aspects of cybersecurity accountability naturally reside outside of the security and IT departments.
Please visit this site and explore how corporate accountability can be incorporated with cybersecurity planning.
http://processdeliverysystems.com/v2pds_nist/index.htm
Click here to download the presentation "Accountability for Corporate Cybersecurity: Who Owns What?"
http://processdeliverysystems.com/v2pds_nist/documents/PDS_Accountabiliy_NIST_Cybersecurity_Framework.pdf
Click here to download the Responsibility Assignment Matrix for the NIST Cybersecurity Framework.
http://processdeliverysystems.com/v2pds_nist/documents/PDS_NIST_Cybersecurity_Framework_RACI.pdf
We welcome your questions, insights, and comments.