Recommended Practice
Developing a Cybersecurity Program That Meets an Agency’s Needs
Abstract
This recommended practice provides planning tools to help transit agency security professionals address cybersecurity risks in a sustainable and effective way that aligns with the agency’s vision and mission.
Document History
| Document Number | Version | Publication Date | Publication | Related Information |
|---|---|---|---|---|
| APTA SS-ECS-RP-004-23 | Original | 05/31/23 | Published | Current |
Keywords
cybersecurity, information security, risk management
Summary
Even the most seasoned security professional can’t tackle all elements of developing a cybersecurity program single-handedly, nor will doing so in a vacuum result in an effective, well-rounded program. Help is required to acquire the managerial, financial and organizational support needed. A solid cybersecurity program is based on a well-informed strategy that aligns with an agency’s wants and needs. This recommended practice provides strategic planning tools and principles to help security professionals understand the drivers for cybersecurity in an agency, see how those map to the agency’s vision and mission, identify stakeholders in a cybersecurity program, and establish a steering committee of stakeholders to help develop an effective, well-supported and sustainable program.
Get Involved
Want to participate in the development of this document? Join a Working Group or Learn More
Related Documents
|
