Chapter 5

Governance and Risk Management

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

  • Define governance.

  • Explain cybersecurity governance in relation to NIST’s Cybersecurity Framework.

  • Explain the importance of strategic alignment.

  • Know how to manage cybersecurity policies.

  • Describe cybersecurity-related roles and responsibilities.

  • Identify the components of risk management.

  • Create policies related to cybersecurity policy, governance, and risk management.

NIST’s Cybersecurity Framework provides guidelines around the governance structure necessary to implement and manage cybersecurity policy operations, risk management, and incident handling across and outside an organization. ...

Get Developing Cybersecurity Programs and Policies in an AI-Driven World, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.