Risk Management for Cybersecurity: Security Baselines


The whitepaper, Risk Management for Cybersecurity: Security Baselines, breaks down the concept of security baselines for policymakers and calls for an “outcomes-focused” approach, which ensures that the same baseline can be applied across different sectors and helps regulations keep up to date with a rapidly evolving technology and threat landscape. The paper then provides concrete guidance for policymakers on how to foster a holistic cybersecurity risk management approach by focusing on the following key areas:

  • Utilizing an open, collaborative, and iterative development process;
  • Bridging risk management understanding both within and between organizations;
  • Advancing security through a risk-based and outcomes-focused approach; and
  • Leveraging existing best practices to the greatest extent practicable.

Security baselines are an important component of implementing critical infrastructure and critical information infrastructure protection legislation, such as the Network and Information Security (NIS) Directive in Europe. As a result, governments around the world are increasingly focused on this area of cybersecurity policy and are seeking ways to maximize the beneficial impact of security baselines while minimizing unnecessary constraints on various sectors.

About Microsoft's Cybersecurity Policy Team

Microsoft’s cybersecurity policy team partners with governments and policymakers around the world, blending technical acumen with legal and policy expertise. By identifying strategic issues, assessing the impacts of policies and regulations, leading by example, and driving groundbreaking research, we help to promote a more secure online environment.