Ad blocker interference detected!
Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers
Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.
In a hybrid governance structure, the authority, responsibility, and decision making power are distributed between the parent and the subordinate organizations. The central body establishes the policies, standards, guidelines, procedures, and processes for ensuring enterprise-wide involvement in the portion of the risk management and cybersecurity strategies and decisions affecting the entire organization (e.g., decisions related to shared infrastructure or common security services). Subordinate organizations, in a similar manner, establish appropriate policies, standards, guidelines, procedures, and processes for ensuring their involvement in the portion of risk management and cybersecurity strategies and decisions that are specific to their mission and business process needs and operational environments.
A hybrid approach to governance requires strong, well-informed leadership for the organization as a whole and for subordinate organizations, and provides consistency throughout the organization for those aspects of risk and cybersecurity that affect the entire organization.
- Electricity Subsector Cybersecurity Risk Management Process, App. D, at 69.