This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards & Technology Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.
Mention cybersecurity and immediate thoughts turn to technical controls such as firewalls, endpoint detection and patching systems. While these and other technical controls certainly are necessary, they must work in tandem with administrative and physical controls in order to form a mature risk mitigation program. This month, we will explore some of the physical aspects of cyber risk management, which inherently relies upon on-site security personnel and employee training for proper execution.
Your company may think it has adequate insurance coverage for a network breach, but there’s a good chance that it does not. According to the findings of a recent UK government report, over half of the companies surveyed thought they had the right coverage in place, while only 10 percent actually did. Another sizable group of those surveyed responded that they had no idea which of the many cyber risks facing their company even could be insured.
We have been following the same cybersecurity approach, more or less, for over a decade. Yet, most everyone agrees that the problem continues to grow worse. Perhaps we are not on the right course. Maybe we are operating on false assumptions. The following list (to be continued in next month’s column) is meant to promote a dialogue about what, in my view, are widely held cybersecurity myths.
Two-way communication is key for Director of Security Brian Reich at Time Warner Cable, who strives to push his security officer partners to expand their role beyond the daily responsibilities of traditional security functions, striving to support the goals of the business. Also in this annual report, learn how consolidation is changing the guarding industry, how technology can support security officers and how a proposed ANSI standard could change the way enterprise security leaders fulfill officer training and selection. Also learn about building a network of influencers and data privacy clauses.