Governance is the set of organizational arrangements ensuring the capability to identify cyber risk, prevent and detect cyber-attacks, and recover after a cyber-attack.
The Governance arrangements can be described along two dimensions:
- the five types of Cybersecurity processes, corresponding to the five NIST Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
- the key organizational elements that enable governance, i.e. allocation of responsibilities in the HCO structure, policies/procedures/plans, work roles.
Objectives of the topic session
- Understanding how mature the Cybersecurity processes are in the HCOs and which of them are felt to be the most important in the HCOs
- Understanding where the Cybersecurity responsibilities could fit in the HCO organization structures
- Understanding how far the work roles required by the Cybersecurity processes are present in the HCOs and which ones are felt to be the most important in the HCOs