Starting last August, we began the current series of articles to provide our readers with a deep dive into the NIST Framework and its approach to Identify, Protect, Detect, Respond to and Recover from cybersecurity incidents.
This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards & Technology Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.
Mention cybersecurity and immediate thoughts turn to technical controls such as firewalls, endpoint detection and patching systems. While these and other technical controls certainly are necessary, they must work in tandem with administrative and physical controls in order to form a mature risk mitigation program. This month, we will explore some of the physical aspects of cyber risk management, which inherently relies upon on-site security personnel and employee training for proper execution.
Your company may think it has adequate insurance coverage for a network breach, but there’s a good chance that it does not. According to the findings of a recent UK government report, over half of the companies surveyed thought they had the right coverage in place, while only 10 percent actually did. Another sizable group of those surveyed responded that they had no idea which of the many cyber risks facing their company even could be insured.
In the hunt for the next great cybersecurity leaders, are enterprises neglecting an under-tapped source? More women are joining the cybersecurity industry, but there are still myriad opportunities for enterprise security leaders to be advocates and mentors to up-andcoming talent.