The US Department of Homeland Security and the Information Technology Sector Coordinating Council (IT SCC) have released the ‘IT Sector Baseline Risk Assessment’ (ITSRA) to identify and prioritize national-level risks to critical sector-wide IT functions while outlining strategies to mitigate those risks and enhance national and economic security.

The ITSRA validates the resiliency of key elements of IT sector infrastructure while providing a process by which public and private sector owners and operators can continually update their risk management programs. The assessment links security measures to concrete data to provide a basis for meaningful infrastructure protection metrics.

“The IT Sector Baseline Risk Assessment is an example of what can happen when public and private sector partners work together and represents a major step forward in mitigating risks to critical infrastructure functions that are essential to both homeland and economic security,” said DHS Assistant Secretary for Cybersecurity and Communications Gregory Schaffer. “While elements of the assessment have already been adopted, the establishment of this iterative platform for assessing IT sector risk will also enable us to address ever more sophisticated threats.”

“Private sector owners and operators of this nation’s critical infrastructure manage risk on behalf of their customers and their internal operations every day, and the risk assessment validates the overall resiliency of that infrastructure. Industry and government, however, need to understand the risk across the entire IT Sector,” said IT SCC chairman Bob Dix. “This dynamic process and its tangible results provide an opportunity to collectively manage risk at the national level, and we are already working on applying the findings of the IT Sector Baseline Risk Assessment to better mitigate risk, making the IT sector and the nation more resilient and secure.”

The ITSRA also identified overarching areas for additional study that will further enhance the sector’s resiliency, including further evaluation of the risks to the identity management function; analysis of the risks of manmade unintentional threats; and evaluation of the feasibility of establishing a national-level testing and simulation risk assessment capability.
