Bob Chaput, NACD.DC

MA, CISSP, HCISPP, CRISC, CIPP/US, C|EH

NACD CERT Cyber Risk Oversight

Ten Recommended Implementation Steps

In Chapter 13, I combine recommendations and action items provided throughout the book into ten implementation steps you should consider when launching your transformational ECRM Program and Cybersecurity Strategy initiative. You can take these steps to jump-start a new ECRM program or reinvigorate an existing one. The actions I recommend align with the NIST approach to cyber risk management. As I have emphasized throughout this book, I highly recommend the guidance and resources available from NIST. NIST offers an industry-recognized, technology-agnostic approach and compendium of available resources at no cost. (See Appendix C for more details about the advantages of using NIST-based methods.)

You do not need to implement the steps in the order presented. Depending on the maturity of your program, internal strategic requirements, or external regulatory requirements, you may need to perform specific actions ahead of others.

Following are the Implementation Steps.

  • Implementation Step #1: Establish ECRM Governance
  • Implementation Step #2: Design and Deliver Ongoing ECRM and Cybersecurity Education
  • Implementation Step #3: Establish and Document Your ECRM Guiding Principles
  • Implementation Step #4: Establish and Document Strategic Business and ECRM Objectives
  • Implementation Step #5: Decide on the Scope of Your ECRM Program
  • Implementation Step #6: Establish and Document Your ECRM Budget Philosophy
  • Implementation Step #7: Formally Adopt Your ECRM Framework, Process, and Maturity Model
  • Implementation Step #8: Conduct a Comprehensive, NIST-based Enterprisewide Risk Assessment
  • Implementation Step #9: Establish Your Cyber Risk Appetite and Complete Risk Treatment
  • Implementation Step #10: Formally Document Your ECRM Program and Cybersecurity Strategy

Click here to purchase Enterprise Cyber Risk Management as A Value Creator | Leverage Cybersecurity for Competitive Advantage. Please note: As an Amazon Associate, I earn from qualifying purchases.