December 5th, 2017

IDG Contributor Network: How can my cyber program benefit from a standards-based approach?

Java Security, others, Programing, by admin.

The Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure is starting to motivate action from not only U.S. federal agencies, but also from U.S. businesses. Recent cyberattacks and breaches have resulted in heightened private sector awareness, which is driving businesses to reevaluate how they can reduce enterprise risk. As a former security executive of a multinational corporation, I have always been on the hunt for more resiliency and best practices, so I can relate.

The National Institute of Standards and Technology’s Cybersecurity Framework, formally titled The Framework for Improving Critical Infrastructure Cybersecurity, can overwhelm even experienced security professionals with its inherent complexity. Yet, increasingly, it is recognized as a national gold-standard. Its popularity and support is apparent: 30 percent of U.S. businesses have adopted the framework as of 2015, and that number is growing rapidly. According to Gartner, over 50 percent are projected to adopt by 2020. The NIST CSF builds upon existing frameworks, and was created by over 3,000 public and private security professionals.

The framework is a risk-based approach to managing cybersecurity. NIST further states that its purpose is to create a common language for cyber that unifies the conversation around enterprise risk and security. Some organizations are even requiring their vendors to adopt the framework as they scale. Likewise, financial and healthcare companies are also realizing the importance of securing their data following this set of best practices. Europe, too, clearly sees the value of the framework as they look to it while finalizing the NIST Directive.

When I left my position as a global CSO to start a company, I set out to accomplish one goal. I realized that the framework’s nature—by far the most comprehensive approach—necessitates that is also the most complex. Its five core functions: identify, protect, detect, response and recover, are a blueprint to mitigate cyber risk. Implemented properly, an organization will have the most powerful set of tools and procedures in place. In a sense, the Framework is a dynamic Deming cycle—continuous, logical and always learning.

Back Top

Leave a Reply