Latest Executive Order Draft Promotes Risk-Based Approach

Posted on March 8, 2017 at 11:37 am

The latest version of the draft of a cybersecurity executive order from the Donald Trump White House would direct the federal government to take a risk-based approach to IT security and hold cabinet secretaries and agency heads responsible for the security of their organizations’ IT assets. The draft executive order also would require federal agencies […]


Reform the Defense Supply Chain to Face the Realities of Conflict in the Digital Age

Posted on March 7, 2017 at 11:04 am

For centuries, we’ve operated under the principle that nations are sovereign within their own borders, with traditional rules of war clearly stating that combatants need to be identifiable military targets. Acting on this principle, a functioning government has traditionally had to raise a force more powerful than any potential rival, either internally or externally, when […]


House bill requiring cyber audits by NIST could overhaul agency’s role

Posted on March 2, 2017 at 11:50 am

Having the National Institute of Standards and Technology audit other federal agencies’ cybersecurity practices is not a matter of NIST “stepping up” its game, as House Science Chairman Lamar Smith (R-TX) said this week – rather it would be a matter of dramatically redefining NIST’s role and relationship with other federal entities. The Science panel’s […]


ISA SEES BILL ON NIST FRAMEWORK AS STEP IN THE RIGHT DIRECTION

Posted on February 28, 2017 at 3:47 pm

(WASHINGTON, D.C.) – The Internet Security Alliance said today that the legislation the House Science Committee is scheduled to consider this week is a step in the right direction, and that it hopes to work with the Committee to refine it as it moves forward through the legislative process. The bill calls on NIST to […]


Bill Seeks Metrics for NIST Cybersecurity Framework

Posted on at 11:42 am

Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to demonstrate the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered – and likely amended – at a markup session of the House Science, Space and Technology Committee on March 1. The measure, known as the NIST Cybersecurity […]


Why Isn’t There An Academy Awards Ceremony for Cybersecurity

Posted on February 27, 2017 at 11:20 am

Let me spare you the suspense, because we don’t deserve one. Most people who have become aware of cybersecurity in the past few years think we are talking about credit cards, passwords, and firewalls. Really? I give these rookies a pass. The real fault lies with those of us, including myself, who have been toiling […]


Cyber Risk Management Guidance for Corporate Directors

Posted on February 24, 2017 at 11:53 am

Cyber risk management is an increasingly important challenge for organizations of all kinds and sizes. Corporate directors have a legal responsibility to ensure that their corporations have appropriate cyber risk management policies and practices and are prepared to respond effectively to cyber incidents. Corporate directors can obtain helpful guidance from regulators, industry associations and other […]


Seven Basic Cybersecurity Measures As Revealed By Wisdom Of The Crowd

Posted on February 21, 2017 at 4:52 pm

Individual experts offer good advice, but when many people agree on practical steps necessary for better cybersecurity, their consensus carries more weight, at least so long as cybersecurity lacks outcome-based, objective metrics. Accordingly, here are the most important things small and medium-sized organizations should do, according to a survey the Internet Security Alliance did of […]


Five Principles for Stronger Board Oversight of Cybersecurity

Posted on February 17, 2017 at 11:54 am

One of the most important jobs of the board is to challenge management and test their assumptions about strategy, the competitive environment, and associated risks and opportunities. Many directors would say that they are most passionate about this part of their role, and in today’s business environment it has never been more critical. Cybersecurity is […]


Movement in the Right Direction on Cyber Security

Posted on January 30, 2017 at 11:24 am

While the bulk of mainstream news coverage on cyber issues has been focused on macro issues such as Russian involvement in our electoral process, there have been less noted initial signs of progress on the more traditional cyber concerns such as the protection of critical infrastructure, theft of intellectual property and securing of personal data. […]