Starting last August, we began the current series of articles to provide our readers with a deep dive into the NIST Framework and its approach to Identify, Protect, Detect, Respond to and Recover from cybersecurity incidents.
This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards & Technology Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.
This is the first in a recurring series that explores the functions, categories and subcategories of the National Institute of Standards & Technology (NIST) cybersecurity framework.
Mention cybersecurity and immediate thoughts turn to technical controls such as firewalls, endpoint detection and patching systems. While these and other technical controls certainly are necessary, they must work in tandem with administrative and physical controls in order to form a mature risk mitigation program. This month, we will explore some of the physical aspects of cyber risk management, which inherently relies upon on-site security personnel and employee training for proper execution.
Your company may think it has adequate insurance coverage for a network breach, but there’s a good chance that it does not. According to the findings of a recent UK government report, over half of the companies surveyed thought they had the right coverage in place, while only 10 percent actually did. Another sizable group of those surveyed responded that they had no idea which of the many cyber risks facing their company even could be insured.
This month’s column takes over where we left off in April, bringing to a close our Top 10 list of widely held cybersecurity myths. This month’s list should prove no less provocative.
RSS
