In a centralized governance model, the authority, responsibility, and decision making power are vested solely within a central body. The centralized body establishes the policies, standards, guidelines, procedures, and processes for ensuring enterprise-wide involvement in the development and implementation of risk management and cybersecurity strategies, risk and cybersecurity decisions, as well as in the creation of internal and external communication mechanisms.
A centralized approach to governance requires strong, well-informed central leadership and provides consistency throughout the organization. Centralized governance structures also provide less autonomy for subordinate organizations that are part of the parent organization.
- Electricity Subsector Cybersecurity Risk Management Process, App. D, at 73.