Security Baselines Harmonization Campaign | White paper
The whitepaper, Risk Management for Cybersecurity: Security Baselines, effectively breaks down the concept of security baselines for policymakers, calling for an “outcomes-focused” approach, which ensures that the same baseline can be applied across different sectors and helps regulations keep up to date with a rapidly evolving technology and threat landscape. The paper then provides concrete guidance for policymakers on how to foster a holistic cybersecurity risk management approach by focusing on the following key areas:
- Utilizing an open, collaborative, and iterative development process;
- Bridging risk management understanding both within and between organizations;
- Advancing security through a risk-based and outcomes-focused approach; and
- Leveraging existing best practices to the greatest extent practicable.
Security baselines are an important component of implementing legislation for the protection of critical infrastructure and critical information infrastructure, such as the Network and Information Security (NIS) Directive in Europe. As a result, governments around the world are increasingly focused on this area of cybersecurity policy and are seeking ways to maximize the beneficial impact of security baselines while minimizing unnecessary constraints on various sectors.