The NIST Framework is gaining traction in government circles, but companies are still falling short of comprehensive solutions, relying instead on periodic risk assessments or throwing more experts at the problem.
Financial Times, Feb. 11
Mr. Weil says companies need to take a wider view of cyber risks. “A lot of cyber, because it is tech-borne risk, is in the hands of IT departments. But a lot of the risk is about people and processes, so it needs thinking about in a much broader way.”
Bloomberg News, Feb. 10
Lara Shalov Mehraban of the SEC said where companies might find themselves in trouble with the SEC enforcement unit is if they “fail to take reasonable steps to protect their customers’ information from cyber attacks or where their cyber-related disclosures are materially false or misleading.”
SecurityWeek, Feb. 4
Any cybersecurity process that relies heavily on periodic risk assessments is not only giving the company a false sense of how safe they are, it’s reflecting energy and resources away from discovering, mitigating and/or preparing for real active and immediate cyber threats.
CIO, Feb. 11
A central piece of that effort is the Digital Service team the administration has formed, a team of IT experts — many drawn from the private sector — who work with the in-house staff at various agencies to improve their technology operations.