{"id":188102,"date":"2026-02-17T04:10:00","date_gmt":"2026-02-17T09:10:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/living-risk-registers-are-key-to-real-cyber-resilience-former-cio-ann-dunkin-says-in-interview\/"},"modified":"2026-02-17T04:45:09","modified_gmt":"2026-02-17T09:45:09","slug":"living-risk-registers-are-key-to-real-cyber-resilience-former-cio-ann-dunkin-says-in-interview","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/living-risk-registers-are-key-to-real-cyber-resilience-former-cio-ann-dunkin-says-in-interview\/","title":{"rendered":"Living Risk Registers Are Key to Real Cyber Resilience, Former CIO Ann Dunkin Says in Interview"},"content":{"rendered":"

Living Risk Registers Are Key to Real Cyber Resilience, Former CIO Ann Dunkin Says in Interview<\/a><\/p>\n

https:\/\/www.hstoday.us\/subject-matter-areas\/cybersecurity\/living-risk-registers-are-key-to-real-cyber-resilience-former-cio-ann-dunkin-says-in-interview\/<\/a><\/p>\n

Publish Date: 2026-02-17 04:10:00<\/a><\/p>\n

Source Domain: www.hstoday.us<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. HSToday Editorial Board Member Ann Dunkin is calling on organizations to move beyond what is described as \u201ccompliance theater\u201d and adopt living risk registers to drive meaningful cybersecurity outcomes.
\nIn a recent interview with Security Digest, Dunkin \u2013 a four-time enterprise CIO and Distinguished Professor at Georgia Tech \u2013 drew on her experience leading IT operations at the U.S. Department of Energy and the Environmental Protection Agency to explain how regulatory checklists can crowd out real risk reduction.
\n\u201cI see the risk register as tactical. It reflects what\u2019s happening day-to-day, whereas the security plan is strategic. It sets the big picture and drives the five-year operating plan,\u201d Dunkin said.
\nShe pointed to structural challenges in government, where mandates often come without funding. \u201cIn government, the reason CIOs and CISOs get so many compliance items is because the people who deeply understand the risks are not the same people who control the funding,\u201d she said. \u201cIt comes as yet another unfunded mandate, where Congress will direct an agency to perform an action and then provide no money for it.\u201d
\nRather than treating compliance and security as competing priorities, Dunkin recommends embedding compliance into a quarterly, continuously updated risk register that calculates risk by likelihood and consequence.
\n\u201cYou can build the consequences of non-compliance into your risk register in a way that brings the most important compliance items to the top,\u201d she said. \u201cIf you determine the consequence of not complying means the business gets shut down, that item will move to the top of your risk list.\u201d
\nShe also stressed the importance of strong governance and CIO-CISO collaboration, noting, \u201cThe best thing a CIO and CISO can do is work as a team\u2026 That teamwork is how security is not bolted on after the fact, but it\u2019s built in.\u201d
\nAs AI-driven threats grow, Dunkin warned that static checklists leave organizations exposed. \u201cDefenders know that attackers are going to be using AI against them, so they must use AI themselves as part of their defense,\u201d she said.
\nHer message: treat risk management as a living process \u2013 not a paperwork exercise.
\nRead the full interview here.
\n(AI was used in part to facilitate this article.)<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Living Risk Registers Are Key to Real Cyber Resilience, Former CIO Ann Dunkin Says in…<\/p>\n","protected":false},"author":1,"featured_media":188103,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.hstoday.us\/wp-content\/uploads\/2026\/02\/People-on-the-move-89.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-188102","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188102"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=188102"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188102\/revisions"}],"predecessor-version":[{"id":188104,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188102\/revisions\/188104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/188103"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=188102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=188102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=188102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}