Cyber Security Risk Management: What Should We Be Talking About?

Posted by Dawn Marie Bailey

The risk of disrupting, destroying, or threatening the delivery of an organization’s essential services, whatever its industry, can be mitigated by chief information officers who follow six steps, several of which align completely with the Baldrige Excellence Framework, according to a cyber security expert.

In a recent blog, “CEOs: Interviewing CIOs? Six Things to Listen for Regarding Cyber Security Risk Management,” Todd McQueston, head of global product marketing and business development for Wolters Kluwer Health, compiled what C-suite leaders should be talking about, based on an interview with Bob Merkle, a cyber security risk management consultant. Among the six things to listen for are long-term systems thinking and a strong quality control system.

McQueston also highlights the recent NIST announcement regarding the Baldrige Cybersecurity Initiative, which has been publicly endorsed by, among others, U.S. Chief Information Officer Tony Scott, who is helping to lead the President’s Cybersecurity National Action Plan. (The Baldrige Program is currently seeking feedback on the Baldrige Cybersecurity Excellence Builder, a self-assessment tool integrating Baldrige concepts and the NIST Cybersecurity Framework.) The Baldrige Cybersecurity Excellence Builder is intended to enable organizations to better understand the effectiveness of their cybersecurity efforts and identify opportunities for improvement.

To read McQueston’s complete blog, please go to


2 Responses to Cyber Security Risk Management: What Should We Be Talking About?

  1. Dawn Ringrose says:

    Understanding cybersecurity efforts and identifying opportunities for improvement has really been a part of excellence models for some time (source: the Organizational Excellence Framework publication integrates leading global excellence models and provides implementation guidelines).

    This aspect is covered by best management practices that address ‘resources’ (e.g. technology, asset, financial, knowledge, transportation). Some of these practices are found in the Planning chapter: (1) develop contingency plans for unforeseen events, (2) conduct a capability gap for resources, (3) reallocate resources to adjust to changing circumstances; and in the Resource Management chapter: (4) define resource requirements, (5) develop a strategy to manage resources effectively, (6) manage the security of resources, (7) identify alternative and emerging technology and related cost-benefit to the organization and society, (8) prepare for resource interruptions.

    It is wonderful to see additional resources such as the Baldrige Cybersecurity Excellence Builder sharing steps that will provide additional information that will assist with successful implementation of these practices.

  2. Nkululeko Mabhena says:

    The Resource-Based View to achievement of a sustainable competitive advantage (delivering profits above your competitive set average) is best enabled by management of the greatest threat, which is cyber security system risk.
