Due Thursday
Respond to the following in a minimum of 175 words:
Option 1
NIST SP 800-30 and ISO 27005, which you read about this week, both offer versions of a risk assessment model.
Describe the process a CISO would use to help the company decide which risk assessment model to use considering the February 2013 Executive Order 13636, Improving Critical Infrastructure Cybersecurity.
Option 2
A plan of action and milestones (POA&M) is a living, historical document that identifies the tasks needed to remediate identified security vulnerabilities. The goal of a POA&M should be to reduce the risk posed by each identified vulnerability.
Describe some of the common challenges with developing and maintaining a POA&M from the standpoint of a CISO versus a CIO.