The Risk-Based Approach to Cybersecurity
Both Easterly and Zhora emphasize the need for organizations to embrace cybersecurity as an enabler for confidently achieving business objectives. Zhora notes that forgoing expansion opportunities due to cyber risks can sometimes pose greater existential threats than pressing forward despite potential dangers. Calculated risk-taking is necessary to
...
ctsmithiii • Building Cyber Resilience in an Age of Growing Threats
To achieve cyber resilience, it is crucial for organizations to align their cybersecurity priorities with their overarching business objectives. Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), emphasizes the need for security leaders to frame risks in relatable business terms and provide metrics that demons
...
ctsmithiii • Building Cyber Resilience in an Age of Growing Threats
Now, let's think about this example in terms of cybersecurity. Your organization uses the NIST cybersecurity framework as a scoreboard to say, here's where we are in terms of our cyber maturity score. We think the attackers are currently ahead of us, and we need to increase our maturity on these three important items before the end of the year. And if w
...
CISO Tradecraft • 131 - Framing Executive Discussions
To improve decision making at this level, the metrics provided by the security team must be risk based and framed in a way that aligns with business drivers.
tenable.com • How to Improve Your Cybersecurity Decision-Making to Reduce Business Risk - Blog | Tenable®
Both Easterly and Zhora stress the importance of communicating cyber risks in a language that resonates with business decision-makers. This enables informed decision-making when allocating resources to cybersecurity initiatives. By aligning cybersecurity efforts with business goals, organizations can view cybersecurity not merely as a constraint, b
...