The Official Baldrige Blog

Cyber Security Risk Management: What Should We Be Talking About?


The disruption, destruction, or threatened delivery of an organization’s essential services, whatever its industry, can be mitigated by chief information officers who follow six steps, according to a cyber security expert. Some of those steps are in complete alignment with the Baldrige Excellence Framework.

In a recent blog, “CEOs: Interviewing CIOs? Six Things to Listen for Regarding Cyber Security Risk Management,” Todd McQueston, head of global product marketing and business development for Wolters Kluwer Health, compiled what C-suite leaders should be talking about, based on an interview with Bob Merkle, a cyber security risk management consultant. The six things to listen for include long-term systems thinking and a strong quality control system.

McQueston also highlights the recent NIST announcement regarding the Baldrige Cybersecurity Initiative, which has been publicly endorsed by, among others, U.S. Chief Information Officer Tony Scott, who is helping to lead the President’s Cybersecurity National Action Plan. (The Baldrige Program is currently seeking feedback on the Baldrige Cybersecurity Excellence Builder, a self-assessment tool integrating Baldrige concepts and the NIST Cybersecurity Framework.) The Baldrige Cybersecurity Excellence Builder is intended to enable organizations to better understand the effectiveness of their cybersecurity efforts and identify opportunities for improvement.

To read McQueston’s complete blog, please go to

About the author

Dawn Bailey

Dawn Bailey is a writer/editor for the Baldrige Program and involved in all aspects of communications, from leading the Baldrige Executive Fellows program to managing the direction of case studies, social media efforts, and assessment teams. She has more than 25 years of experience, 18 years at the Baldrige Program. Her background is in English and journalism, with degrees from the University of Connecticut and an advanced degree from George Mason University.


Understanding cybersecurity efforts and identifying opportunities for improvement has really been a part of excellence models for some time (source: Organizational Excellence Framework publication integrates leading global excellence models and provides implementation guidelines). This aspect is covered by best management practices that address 'resources' (e.g. technology, asset, financial, knowledge, transportation). Some of these practices are found in the Planning chapter: (1) develop contingency plans for unforeseen events, (2) conduct a capability gap for resources, (3) reallocate resources to adjust to changing circumstances and the Resource Management chapter: (4) define resource requirements, (5) develop a strategy to manage resources effectively, (6) manage the security of resources, (7) identify alternative and emerging technology and related cost-benefit to the organization and society, (8) prepare for resource interruptions. It is wonderful to see additional resources such as the Baldrige Cybersecurity Excellence Builder sharing steps that will provide additional information that will assist with successful implementation of these practices.
The Resources Based View to achievement of a sustainable competitive advantage (delivering profits above your competitive set average) is best enabled by management of the greatest threat, which is cyber security system risk.
