Cyber Risk

By John Liang / March 17, 2014 at 7:11 PM

Risk management is one of the areas that plays a key role in cybersecurity, according to a Defense Department instruction issued Friday:

(1) DoD will implement a multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets from the DoD Information Enterprise level, through the DoD Component level, down to the IS level as described in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39 (Reference (o)) and Committee on National Security Systems (CNSS) Policy (CNSSP) 22 (Reference (p)).

(2) Risks associated with vulnerabilities inherent in IT, global sourcing and distribution, and adversary threats to DoD use of cyberspace must be considered in DoD employment of capabilities to achieve objectives in military, intelligence, and business operations.

(3) All DoD IT will be assigned to, and governed by, a DoD Component cybersecurity program that manages risk commensurate with the importance of supported missions and the value of potentially affected information or assets.

(4) Risk management will be addressed as early as possible in the acquisition of IT and in an integrated manner across the IT life cycle.
