Ron Ross led the team that developed risk management framework guidance for the National Institute of Standards and Technology. Ross: “Managing risk with regard to information systems and security sometimes doesn’t go to the highest levels” Ross: The realization of this by senior leaders now has energized them and gotten them involved in the process of managing risk.” Ross is a two-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government. He also supports the State Department in the international outreach program for information security and critical infrastructure protection.”]
Source: https://www.healthcareinfosecurity.com/risk-getting-top-leaders-involved-a-3209