Posted on May 1, 2017 at 11:22 am
The National Institute of Standards and Technology is diligently reviewing the nearly 130 comments from industry and other groups on a draft update to the framework of cybersecurity standards, as it prepares an analysis of that input in advance of a highly anticipated public meeting this month. That meeting will likely set the course and […]
Posted on April 26, 2017 at 11:23 am
Industry groups across sectors are raising concerns with various aspects of the National Institute of Standards and Technology’s approach to managing supply-chain risks in a proposed update to the voluntary framework of cybersecurity standards. Specifically, groups say the NIST plan fails to take into account the interconnectedness of vendor services and downplays the potential effect […]
Posted on April 24, 2017 at 11:26 am
Lawmakers return to Capitol Hill this week with a few cybersecurity items on the agenda for the upcoming legislative work period, while the most significant efforts in the coming months may be taking place at the White House and at the National Institute of Standards and Technology’s campus in suburban Maryland. “On the congressional front, […]
Posted on April 13, 2017 at 11:29 am
Business lobbying groups are pushing back on plans by federal scientists to add third-party measurement of cybersecurity to a voluntary framework designed to help private companies improve its defenses against hackers, cybercriminals and online spies. A draft proposed revision of the National Institute of Standards and Technology’s Cybersecurity Framework, to be known as version 1.1, […]
Posted on April 12, 2017 at 11:31 am
The Internet Security Alliance is calling for metrics that allow businesses to prioritize their cybersecurity efforts based on the National Institute of Standards and Technology cybersecurity framework, while stressing the need for NIST and other agencies to continue promoting the voluntary, public-private partnership approach to cybersecurity. The comments come in response to a request for […]
Posted on April 10, 2017 at 1:42 pm
The Internet Security Alliance (ISA) is a multi-sector trade association representing mainly the chief information security officers of Fortune 100 companies. ISA has a long-standing interest in seeing that the Framework achieves its objectives of better private-sector cybersecurity. ISA’s Cybersecurity Social Contract, published in 2009, first called for the collaborative industry-government development of standards and […]
Posted on at 8:00 am
WASHINGTON, D.C.) – The Internet Security Alliance and the FAIR Institute called on the National Institute of Standards and Practices (NIST) to convene a process similar to that which resulted in the creation of the NIST Cybersecurity Framework (CSF), but this time focusing on implementation of the CSF. According to the joint filing, a useful […]
Posted on March 22, 2017 at 1:03 pm
CYBERSECURITY IS NOT AN “IT” ISSUE. TO ADDRESS IT EFFECTIVELY WE NEED TO LOOK AT CYBERSECURITY AS AN ECONOMICS ISSUE Expecting technology to provide the answer to our cybersecurity problems would be a perilous course. A more promising path would be to understand the true nature of the cyber threat and take a more enterprise […]
Posted on March 20, 2017 at 3:38 pm
(WASHINGTON, D.C.) – The Internet Security Alliance today released a “Cyber Regulation Fact Sheet,” demonstrating multiple examples of how the tremendous growth in cybersecurity rules and regulations is diverting scarce security resources and actually undermining our nation’s cyber defenses. “One of the unintended consequences for organizations, like ISA who has been raising awareness of the […]
Posted on March 13, 2017 at 11:35 am
The government has suggested many ways to use metrics to measure the effectiveness of cybersecurity investments, but who should be using these measurement tools – and whether doing so should be required – remains open questions that will affect the scope and movement of these plans. Industry remains somewhat divided on the role of metrics, […]