Keeping Up with Cybersecurity Framework

[InfoSec News <alerts () infosecnews org>]

http://www.bankinfosecurity.com/interviews/keeping-up-cybersecurity-framework-i-2329

By Eric Chabrow
Bank Info Security
May 30, 2014

The folks at PricewaterhouseCoopers, after surveying 500 U.S. business, 
law enforcement and government executives, conclude that the vast majority 
of cybersecurity programs fall very short of the federal government's 
cybersecurity framework goals.

And that observation comes as some critics gripe that the framework is 
quite basic, too simple to be effective to protect critical 
infrastructure. That's an arguable point, one that the framework's point 
man, Adam Sedgewick, disputes.

But even if it's too basic, many see great value in the framework, issued 
in February as a guide to critical infrastructure owners that they could 
voluntarily adopt (see NIST Releases Cybersecurity Framework). Are 
infrastructure owners adopting the framework? That's a question Rep. Jim 
Langevin, D-R.I., wants answered, and earlier this week he persuaded his 
colleagues in the House to support a survey of infrastructure operators to 
find out just that.

Where are most organizations failing in implementing basic cybersecurity 
protections? PricewaterhouseCoopers identifies 45 IT security practices, 
policies and technologies that correspond with the cybersecurity 
framework, but in only seven of them did at least half of the respondents' 
organizations implement those practices, policies and technologies. The 
seven widely adopted practices, policies and technologies are:

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/