Cybersecurity: A Mid-Year Update

A recent post on NextGov from Maria Horton, CEO of risk mitigation firm EmeSec, details the four top-of-mind issues when it comes to cybersecurity this year.

According to Horton, the issues include:

1. A private look at regulation: Compliance with cybersecurity regulation has moved beyond the government and into the private sector, says Horton. “As commercial companies look to offer innovation to their customers, their operations and security resources must address in both a proactive and responsive manner the mandates of controlled, unclassified information, cybersecurity framework requirements and human resource challenges,” she writes.

2. The new distribution plan: It’s not just the large-scale companies that need to concern themselves with distributed security plans, says Horton. Small to medium-sized businesses should implement elements such as “cyber crisis planning, proactive reputational protection and damage prevention, as well as incident response operations and training that address the distributed organizational data and information,” she writes.

3. Keep up to date: New releases and standards such as those from the upcoming National Institute of Standards and Technology, the Federal Information Security Management Act and the Federal Risk and Authorization Management Program require preparation and training, says Horton. “Without the proper preparation of business processes, employee training, third-party SLAs, etc., your business may face the multiple costs of noncompliance,” she writes. “The focus should be on the basic requirements in 2016 and the more complex derived security controls in 2017.”

4. To outsource or not to outsource: Horton recommends using independent auditors and compliance officers to avoid internal blind spots. “For many organizations, the use of outsourced chief information security officer-as-a-service and other capabilities is becoming the risk mitigation strategy of choice – providing validation as well as a fresh perspective to meeting the due diligence requirements demanded by boards and customers,” she writes.