Federal Cybersecurity Leadership Updates
Quite a few federal cybersecurity leadership changes have recently taken place. A few highlights include:
For an overall look at the Trump administration’s cybersecurity priorities, The Cipher Brief recently interviewed Rob Joyce (the White House’s Cybersecurity Coordinator).
SEC’s Office of Compliance Inspections and Examinations Identifies Cybersecurity Risks for Financial Advisory Firms
The SEC’s Office of Compliance Inspections and Examinations put out a Risk Alert on Monday recommending ways for financial advisory firms to shore up their cybersecurity weaknesses. Specifically, the Risk Alert recommends that firms improve cybersecurity policy, hygiene, and incident response. According to Investment News, “Federal regulators generally have been less prescriptive than some states when it comes to giving financial services firms detailed requirements for protecting their systems from attacks.”
NTT Security Report Indicates Manufacturing Industry Experiencing Rising Cyberattacks
In a recent report from NTT Security, the company says that cyberattacks on the manufacturing industry are continuing to rise—with email phishing ranking as a top cause of concern. NTT Security especially notes four findings:
According to a press release, “34% of all documented attacks targeted manufacturers. Moreover, manufacturers appear in the top three targets in five of the six geographic regions globally.”
NIST Framework Aims for Common Vocabulary When Describing Information Security Roles
This month, NIST released its National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, which “serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities (KSAs) needed to complete tasks that can strengthen the cybersecurity posture of an organization.” According to Dark Reading, “For cybersecurity professionals, the IT security vocabulary framework may aid in giving job seekers and employers a common language and understanding when various skills and abilities are listed in job openings.”
International Data Sanitization Consortium (IDSC) Created to Champion and Promote Data Sanitization Best Practices
On Tuesday, the International Data Sanitization Consortium (IDSC) formally announced its creation. Founded in July 2017, the organization’s mission is to eliminate ambiguity around data sanitization, including terminology, standards, and guidelines. According to a press release, “When asked to identify the correct definition of data sanitization, 64 percent failed to choose the correct answer. On top of this, media reports and data recovery studies have repeatedly proven just how easy, common and dangerous it is for data to be recovered – all because devices had not been sanitized before they were discarded, recycled, traded in, resold or reused.”