An information security program requires buy-in at the highest levels of the organization. The recent SolarWinds and HAFNIUM attacks are a stark reminder that the cyber threat landscape is evolving quickly, but resilient organizations with robust, unified strategies persevere. The Department of Homeland Security (DHS) has created a guide for leadership discussions about cybersecurity risk management.
“Cybersecurity is NOT implementing a checklist of requirements; rather it is managing cyber risks to an acceptable level. Managing cybersecurity risk as part of an organization’s governance, risk management, and business continuity frameworks provides the strategic framework for managing cybersecurity risk throughout the enterprise.” — DHS Cybersecurity Questions for CEOs