A Journey in Organizational Resiliency: Governance


From governance comes everything else. It would be reasonable for this journey in organizational resilience to start with the governance theme. In fact, many important standards and cybersecurity frameworks begin with policy development. For example:


NIST SP 800-34: The first step in its contingency planning process is developing the contingency planning policy statement.
NIST Cybersecurity Framework: Part of the first function, Identify, is the need to establish policies that define roles and responsibilities (the Governance category; in CSF 2.0 this became its own Govern function).
ISO 22301 and ISO 27001: Right after the clause on understanding your organization (Context of the organization), the next clause is Leadership, which requires top management to establish the policy.

Why is governance so important to a resilience program? Well, start with this question: what are the two requirements for a law to apply? Jurisdiction and enforcement. If you have jurisdiction but no way to enforce it, you have a bunch of paper. If you have enforcement but no jurisdiction, you are running rogue.


A strong, well-thought-out and actionable governance program keeps your organizational resilience efforts in line. It gives you boundaries (the jurisdiction) and the authority to manage the program (the enforcement).


Therefore, it is time to go back to an old favorite from Sydney Finkelstein: why these three questions can solve any problem.


Are you really willing to change what you have been doing?
Can you think of a better strategy or idea than the status quo?
C ..
