Digital risk management is a fragmented field of expertise. In Europe alone, many national cybersecurity centers have developed their own methodologies in order to empower organizations to increase their digital resiliency via the adoption of their framework. In parallel, many private sector organizations have taken similar actions. Although risk management has been foundational to cybersecurity for years, even decades, the complexity of these frameworks and their different strengths and weaknesses often obscures transparent and effective decision-making.
In our presentation, we will elaborate on the effort done by NCSC-NL to aggregate the common denominators of over more than 30 risk management frameworks. Many concepts in these frameworks encompass the same, but are labeled differently. Additionally, new research regarding for example the role of organizational culture were underexposed in many of the contemporary risk management perspectives. We will share our results and provide the audience with additional insight in, and an overview of the universe of risk management frameworks. Additionally, due to the NIS2 directive and the increasing legal limelight on the prominence of risk management, achieving an appropriate level of digital resilience via a transparent risk management process is gaining ever more importance. By understanding how the different concepts of risk management are (inter)connected, organizations can operationalize risk management paradigms to fit their objectives. NCSC-NL’s efforts therefore also focusses on providing the tools to reinforce organization’s endeavors to increase their digital resilience.
