Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

Utilizing Cyber Security Standards And Frameworks

Whether mandatory or not, enterprises can find industry frameworks useful

Add bookmark
Alarice Rajagopal
Alarice Rajagopal
07/08/2019
Utilizing Cyber Security Standards And Frameworks

After establishing a risk assessment and risk management as the foundation for a cyber security program, many enterprises then turn to a control framework or set of standards to help streamline processes and reduce costs. Standards can help the organization define terminology, and manage systems, processes and controls in a more streamlined or uniform manner.

On the other hand, many enterprises have to comply with a mix of state, industry-specific and/or international cyber security regulations. When it comes to our recent “Cyber Security Mid-Year Snapshot 2019” survey respondents, Figure 16 (below) shows that most are using the ISO/IEC 27000 family of standards at 44.93%, which aims to help organizations‘keep information assets secure.’

With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.

The next largest group is leveraging the NIST Cyber Security Framework (CSF) at 39.13%. As shown in the survey demographics, almost half of respondents are based in North America, so it comes as no surprise that the NIST CSF is high on the list. In the U.S., this Framework is widely pointed to as the go-to standard for security practices and development. While the use of the CSF is not mandatory for the private sector, many enterprise security leaders are still adopting it to provide a more common language and systematic methodology.

“The updated NIST cyber security framework is a pragmatic tool to enable an organization to gain clarity on its current level of capability for cyber risk management,” says James Turner, cyber security industry analyst for IBRS.

See Related: “NIST Releases IoT Cyber Security And Privacy Risks Report

Modeled after the NIST CSF is its latest Privacy Framework, which was announced at RSAC 2019, that is also meant to be risk-based/outcome-based and non-prescriptive, in order to increase adoption. With the abundance of data breaches in the news lately, this could be an upcoming framework to watch as enterprises try to get a better handle on their data privacy security strategies.

Finally, and perhaps surprising is the next highest number of respondents that are not using any industry frameworks or standards at all (28.99%). As this is the first introduction of the question for survey takers, it will be interesting to follow up and determine whether or not the use of these continues to grow or stall.

See Full Report: “Cyber Security Mid-Year Snapshot 2019

 

Tags: Cyber Security Framework Standards NIST Cyber Security Framework NIST Risk Management June Market Report cyber security industry standards Cyber Security Standards IT security standards IT security frameworks

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy