Cybergovernance Journal Update – 2/11/2016
NIST Framework is gaining traction in government circles, but companies are still falling short of comprehensives solutions; instead relying on periodic risk assessments or throwing more experts at the problem.
Former spymaster to help fight cyber crime
Financial Times, Feb. 11
Mr. Weil says companies need to take a wider view of cyber risks. “A lot of cyber, because it is tech-borne risk, is in the hands of IT departments. But a lot of the risk is about people and processes, so it needs thinking about in a much broader way.”
Read Article (subscription required)
100 Ways to Improve Federal Cybersecurity
Ecommerce Times, Feb. 8
The NIST framework has gotten traction in the private sector as a sound baseline reference for dealing with cyberthreats — and it has relevance to government agencies as well.
SEC Will Only Target Directors in Egregious Cases
Bloomberg News, Feb. 10
Lara Shalov Mehraban of the SEC said, “Where companies might find themselves in trouble with the SEC enforcement unit is if they “fail to take reasonable steps to protect their customers information from cyber attacks or where their cyber-related disclosures are materially false or misleading.”
Cybergovernance: Are More Experts the Answer?
LinkedIn, Feb. 11
Even if adding a cybersecurity expert to each board were the best solution, the dearth of available talent prevents all but the largest companies from pursing this strategy.
Why Depending on Cyber Risk Assessments is a Risk
SecurityWeek, Feb. 4
Any cybersecurity process that relies heavily on periodic risk assessments is not only giving the company a false sense of how safe they are, it’s reflecting energy and resources away from discovering, mitigating and/or preparing for real active and immediate cyber threats.
Obama Wants More Cybersecurity Funding and a Federal CISO
CIO, Feb. 11
A central piece of that effort is the Digital Service team the administration has formed, a team of IT experts — many drawn from the private sector — who work with the in-house staff at various agencies to improve their technology operations.