Cyber CEOs urge NIST Framework be made a part of NAFTA talks

Ten major cybersecurity companies have written to U.S. Trade Representative Robert Lighthizer to urge that alignment of cybersecurity standards — and the use of risk management tools like the NIST Cybersecurity Framework — should become part of the re-negotiation of the North American Free Trade Agreement that started this week. “The government … needs to step up to the plate” in international affairs where cybersecurity is concerned, Amit Yoran, CEO of Tenable, and one of the letter’s signatories, told CyberScoop. The other companies signing on are Rapid7, Arbor Networks, Bugcrowd, CA Technologies, Cybereason, Forescout, McAfee, Mimecast and Symantec. “Trade issues related directly to the U.S. cybersecurity industry are absent” from the lengthy list of U.S. negotiating objectives in the NAFTA rewrite released by Lighthizer’s office, the letter complains, while welcoming the inclusion of objectives related to digital trade more generally. That omission is especially damaging, the letter suggests, because “Numerous countries are currently considering or […]

The post Cyber CEOs urge NIST Framework be made a part of NAFTA talks appeared first on Cyberscoop.

NIST moving forward, cautiously, on framework revisions

Big changes to the National Institute of Standards and Technology’s Cybersecurity Framework, such as the introduction of a section on coordinated vulnerability disclosure, may be pushed off to a future major revision rather than be included in the forthcoming Version 1.1. That’s the takeaway from a report last week of the NIST public consultation workshop in May, in which the agency lays out plans to complete the overhaul of the popular cybersecurity guide by early next year. The commitment to “backwards compatibility” — ensuring users of the existing Version 1.0 can employ the new Version 1.1 — means that only smaller tweaks, like the addition of multi-factor identity authentication or new language for Internet of Things risks, can be addressed in the update. In the report, NIST laid out plans to inch ahead with a number of proposed changes to the draft V1.1 released in January. They include: Rewrites to the section on measuring cybersecurity — business leaders wanted it […]

The post NIST moving forward, cautiously, on framework revisions appeared first on Cyberscoop.

How Cisco is helping agencies wrap their arms around the NIST framework

The cybersecurity executive order charges federal agencies to manage risk across the U.S. government as a whole, holds agency heads personally responsible for the protection of their networks and places modernization efforts at the forefront of a greater push to bolster computer security. The order requires all departments and agencies to review the security of their IT systems using the risk management principle outlined in the National Institute of Standards and Technology’s Cybersecurity Framework. How that framework applies to each unique agency is a challenge, one exacerbated by the fact that reports on agency IT systems are to be completed in a few weeks. Cisco Systems has a wealth of expertise when it comes to aligning enterprises with the framework. Two of Cisco’s experts — Senior Director of Security Sales Will Ash and Public Sector Cybersecurity Specialist Steve Caimi — spoke with CyberScoop on how agencies can adapt their particular systems to the […]

The post How Cisco is helping agencies wrap their arms around the NIST framework appeared first on Cyberscoop.

Bug Hunters Prefer Communication Over Compensation

Results of an NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.

The Value of a Hacked Company

Most organizations only grow in security maturity the hard way — that is, from the intense learning that takes place in the wake of a costly data breach. That may be because so few company leaders really grasp the centrality of computer and network security to the organization’s overall goals and productivity, and fewer still have taken an honest inventory of what may be at stake in the event that these assets are compromised.
