This page contains a Flash digital edition of a book.
What more can policymakers do?


• Understand that security is about risk management and taking measures appropriate to the value and consequences of the information in question.


• Ensure that any cybersecurity measures are flexible so as to allow organizations to properly assess and mitigate risk appropriate for their infrastructures and risk tolerance models. Congress and the Administration can both contribute to this effort.


• Understand and accept real risk management prioritization for cyberspace and develop and implement policies based upon thoughtful, ongoing risk management assessments. Congress and the Administration can both contribute to this effort.


The IT Industry’s Cybersecurity Principles for Industry and Government


PAGE 17


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24