[ISN] Keeping Up with Cybersecurity Framework

http://www.bankinfosecurity.com/interviews/keeping-up-cybersecurity-framework-i-2329 By Eric Chabrow Bank Info Security May 30, 2014 The folks at PricewaterhouseCoopers, after surveying 500 U.S. business, law enforcement and government executives, conclude that the vast majority of cybersecurity programs fall very short of the federal government’s cybersecurity framework goals. And that observation comes as some critics gripe that the framework is quite basic, too simple to be effective to protect critical infrastructure. That’s an arguable point, one that the framework’s point man, Adam Sedgewick, disputes. But even if it’s too basic, many see great value in the framework, issued in February as a guide to critical infrastructure owners that they could voluntarily adopt (see NIST Releases Cybersecurity Framework). Are infrastructure owners adopting the framework? That’s a question Rep. Jim Langevin, D-R.I., wants answered, and earlier this week he persuaded his colleagues in the House to support a survey of infrastructure operators to find out just that. Where are most organizations failing in implementing basic cybersecurity protections? PricewaterhouseCoopers identifies 45 IT security practices, policies and technologies that correspond with the cybersecurity framework, but in only seven of them did at least half of the respondents’ organizations implement those practices, policies and technologies. The seven widely adopted practices, policies and technologies are: […]