CybersecurityManagementSecurity NewswireCybersecurity News

CISA launches new effort to develop actionable metrics to quantify cyber risk

Systemic-Cyber-Risk-Reduction CISA

Image courtesy of CISA

January 15, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new cybersecurity effort:  The Systemic Cyber Risk Reduction Venture on developing actionable metrics to quantify cyber risk. This information will be used to reduce shared risk to the nation's security. 

The effort, in partnership with theNational Risk Management Center (NRMC), CISA will be focusing on using enterprise risk management best practices in 2021. According to Bob Kolasky, CISA Assistant Director for the National Risk Management Center, CISA is anticipating three overarching lines of effort: 

  1. Build the Underlying Architecture for Cyber Risk Analysis to Critical Infrastructure

The critical infrastructure community is underpinned by a dependent web of hardware, software, services, and other connected componentry.

  1. Cyber Risk Metric Development

Supporting efforts to better understand the impact of cyber risk across the critical infrastructure community will require developing usable metrics to quantify cyber risk in terms of functional loss. There’s no need to get bogged down with Greek equations with decimal place-level specificity. Metrics that provide even directional or comparative indicators are enormously helpful.

  1. Promoting Tools to Address Concentrated Sources of Cyber Risk

Central to the venture to reduce systemic cyber risk is finding concentrated sources of risk that, if mitigated, provide heightened risk management bang for the buck if addressed.

"Defending Today and Securing Tomorrow demands that we better understand and address systemic cyber risk. The steady drumbeat of the importance of cyber essentials must be complemented with a more advanced understanding of how cyber risk manifests itself in an interconnected world – this means both understanding the interconnection and developing high leverage solutions. CISA, via the National Risk Management Center’s collaborative approach, looks forward to working with the critical infrastructure and cyber research community to make progress on this important Venture," Kolasky says.

KEYWORDS: CISA cyber security risk management

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Related Products

See More ProductsSee More Products

Events

View AllSubmit An Event
  • September 9, 2025

    Actionable Strategies to Mitigate Active Assailant Risk

    ON DEMAND: Active assailant incidents are surging — Are you ready? This dynamic session will equip attendees with actionable, real-world tactics to protect their people and maintain business continuity when it matters most.
View AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!