Strengthen & Automate Your Cyber Risk Management

The federal government is well aware of the dangers of cyber attacks. In December 2024, Chinese hackers penetrated a Treasury Department vendor and accessed more than 3,000 unclassified files related to high-ranking officials. Just a month earlier, researchers had discovered Salt Typhoon, a Chinese attack breaching eight U.S. telecom providers; the attack began as much as two years ago and still infects the companies’ networks.

These and many other incidents demonstrate the importance of IT risk management, including automation of cybersecurity programs that can provide actionable insights and shift to proactive risk management. And agencies also must address IT vendor risk management, by increasing the frequency and depth of assessments, streamlining the implementation process, and prioritizing remediation efforts to protect against costly and dangerous data breaches.

Both of these efforts must be undertaken within cybersecurity compliance regulations – which can be centralized and streamlined by automating evidence collection and IT controls testing, and ensuring compliance with security standards and certifications.

Learning Objectives:

• Evaluate software supply chain risks to identify where cybersecurity improvements are most needed
• Identify where automation of cybersecurity measures – both prevention and mitigation – will improve risk management and generate new insights for further action
• Delineate metrics that quantify cybersecurity risk management, such as number of successful vs. failed attacks