An Introduction to Security Frameworks

By Lloyd McCoy, Market Intelligence Manager

A key takeaway from RSA Conference 2019 was the importance of security frameworks. They encompass security best practices and help government agencies keep their heads above water amid all the cyber threats that are out there. When breaches do occur at the federal level, the post-mortem usually reveals some deficiencies in compliance.

For the federal government, the National Institute of Standards and Technology (NIST) is the primary source for security standards. The Office of Management and Budget (OMB) requires that agencies comply with NIST guidance. If you sell technology to the government, it’s important that you be familiar with security frameworks, because they are a big factor in why agencies buy what they buy in terms of security tools and services.

Security frameworks can largely be split into three categories: Control, Program and Risk.

The purpose of control frameworks is to identify a baseline set of controls, assess the state of technical capabilities, prioritize the implementation of controls and develop an initial roadmap for the security team. It’s important to become familiar with NIST SP 800-53, a publication that catalogs security and privacy controls, because it helps agencies measure their impact. Government departments and agencies use NIST SP 800-53 to inform their purchasing decisions, specifically around incident response, configuration management, risk assessment and access control solutions.


Can collaboration save us from cyber attacks?

By Tim Larkins, director of Market Intelligence

By 2020, businesses will experience $3 trillion in economic loss due to cyber attacks globally. Seventy-four percent of the world’s businesses expect to be hacked this year. If that’s not a crisis, I don’t know what is.

If you were one of 45,000 people who attended the RSA Conference last month in San Francisco, you likely picked up on a few common themes related to this cyber crisis. Thought leaders and industry experts seemed to agree that we need more collaboration between companies, governments and associations in developing standards, policies and regulations for both cybersecurity and the internet of things. We need more threat intelligence sharing, and some even advocated for creating an entire government agency dedicated to cybersecurity and IoT.
