http://www.bankinfosecurity.com/interviews/keeping-up-cybersecurity-framework-i-2329
By Eric Chabrow
Bank Info Security
May 30, 2014

The folks at PricewaterhouseCoopers, after surveying 500 U.S. business,
law enforcement and government executives, conclude that the vast majority
of cybersecurity programs fall very short of the federal government's
cybersecurity framework goals.

And that observation comes as some critics gripe that the framework is
quite basic, too simple to be effective in protecting critical
infrastructure. That's an arguable point, one that the framework's point
man, Adam Sedgewick, disputes.

But even if it's too basic, many see great value in the framework, issued
in February as a guide to critical infrastructure owners that they could
voluntarily adopt (see NIST Releases Cybersecurity Framework). Are
infrastructure owners adopting the framework? That's a question Rep. Jim
Langevin, D-R.I., wants answered, and earlier this week he persuaded his
colleagues in the House to support a survey of infrastructure operators to
find out just that.

Where are most organizations failing in implementing basic cybersecurity
protections? PricewaterhouseCoopers identifies 45 IT security practices,
policies and technologies that correspond with the cybersecurity
framework, but in only seven of them did at least half of the respondents'
organizations implement those practices, policies and technologies. The
seven widely adopted practices, policies and technologies are:
[...]