Security baselines and cyber risk management

Cybersecurity Policy and Resilience | Policy paper

Recognizing their need for secure and resilient information and communication technologies, governments and enterprises of all sizes are evaluating how to manage cybersecurity risks. There are dozens of ongoing regional and national initiatives that aim to help enterprises manage operational cybersecurity risks by developing or evolving “security baselines”.

The approaches that governments take in developing security baselines will have far-reaching impacts. Effective approaches will not only increase security, but also enable continued innovation, productivity, and economic opportunity. Best practices include:

  • Leverage diverse expertise by utilizing an open, collaborative, and iterative public policy development process that engages various stakeholders;
  • Facilitate informed decision-making by bridging risk management understanding both within and between organizations;
  • Manage risk efficiently through a risk-based and prioritized set of baseline practices;
  • Enable innovation by driving toward desired security outcomes rather than prescriptive requirements;
  • Leap forward by leveraging best practices;
  • Support economic growth by realizing economic and security benefits with efficiency.


About Microsoft's Cybersecurity Policy Team

Microsoft’s cybersecurity policy team partners with governments and policymakers around the world, blending technical acumen with legal and policy expertise. By identifying strategic issues, assessing the impacts of policies and regulations, leading by example, and driving groundbreaking research, we help to promote a more secure online environment.