Cybersecurity Policy and Resilience | Policy paper
Recognizing their need for secure and resilient information and communication technologies, governments and enterprises of all sizes are evaluating how to manage cybersecurity risks. There are dozens of ongoing regional and national initiatives that aim to help enterprises manage operational cybersecurity risks by developing or evolving “security baselines”.
The approaches that governments take in developing security baselines will have far-reaching impacts. Effective approaches will not only increase security, but also enable continued innovation, productivity, and economic opportunity. Best practices include:
- Leverage diverse expertise by utilizing an open, collaborative, and iterative public policy development process that engages various stakeholders;
- Facilitate informed decision-making by bridging risk management understanding both within and between organizations;
- Manage risk efficiently through a risk-based and prioritized set of baseline practices;
- Enable innovation by driving toward desired security outcomes rather than prescriptive requirements;
- Leap forward by leveraging best practices;
- Support economic growth by realizing economic and security benefits with efficiency.