DHS Releases Three IT Risk Management Strategies
The Department of Homeland Security and the Information Technology Sector Coordinating Council released three risk management strategies on Friday to address exposure to the nation’s IT infrastructure.
“The strategies inform industry and government organizations of the IT Sector’s risk management priorities and activities by identifying risk responses and prioritizing risk mitigations,” wrote the DHS pubic affairs staff on the agency blog. “They address products and services, incident management, and Internet routing. Completing these strategies ensures that public and private sector resources are applied where they can most effectively respond to the threats, vulnerabilities, and consequences facing critical IT Sector functions.”
The three strategies are as follows:
The IT Sector Products and Services Risk Management Strategy includes a portfolio of risk mitigation activities, such as:
- Enhancing supply chain delivery mechanisms to minimize counterfeiting and tampering;
- Developing, establishing, and/or adopting IT Sector standards and/or best practices;
- Increasing awareness among buyers and suppliers of IT products and services of the need to manage business risk.
The IT Sector Incident Management Strategy includes a portfolio of risk mitigation activities, such as:
- Improving redundancy and distribution of resources and data;
- Educating the workforce to recognize falsified information and validate sources (training and awareness); and
- Investing in or developing alternative data delivery capabilities to use when primary ones are unavailable.
The IT Sector Internet Routing Risk Management Strategy includes a portfolio of risk mitigation activities, such as:
- Formulating and applying appropriate local routing policy;
- Taking extensive steps to secure facilities from physical attacks and natural disasters; and
- Developing a comprehensive incident management and incident recovery plan.
Itsrm for Product and Services Report
It Sector Risk Management Strategy Domain Name Resolution Services June2011