NTSC Whitepapers

NTSC Whitepaper Library

NTSC whitepapers feature original thought leadership, CISO analysis and perspectives, and leading expert viewpoints about important technology security trends, challenges, and issues pertaining to national cybersecurity policy.

CISO 2.0

CISO 2.0 examines the changing role of the CISO, the evolving regulatory role surround the CISO, and the potential impact these elements will have on CISOs and some thoughts on how they may affect the role going forward.

NATIONAL DATA BREACH

This white paper examines the Congressional attempts to implement national data breach notification legislation, current obstacles that must be overcome to successfully pass a national data breach notification law, and recommendations on overcoming these obstacles.

SEVEN CYBERSECURITY LESSONS THE CORONAVIRUS CAN TEACH THE ARMED FORCES (AND US ALL)

Ray Rothrock, Author of "Digital Resilience" and Executive Chairman of RedSeal, discusses with Dr. Mike Lloyd, Chief Technology Officer of RedSeal, the correlation of an invisible enemy like COVID-19 versus cyber attacks and how we can best defend ourselves against a possible COVID-like cyber event.

NTSC 2020 RECAP

A summary of NTSC accomplishments in 2020

CLOSING THE REAL CYBERSECURITY TALENT GAP: THE CASE FOR EXPANDING FEDERAL CYBER SCHOLARSHIP FOR SERVICE PROGRAMS

This whitepaper will address facts about the actual cybersecurity talent gap; what kind of pipeline we actually need, and why; the root causes of our talent pipeline issues; and how a cyber scholarship for service program (and related apprenticeship programs) can solve the cybersecurity talent problem—addressing both the quantity and experience of candidates.

A FEDERAL DATA PRIVACY LEGISLATIVE FRAMEWORK

Bipartisan Recommendations on Preemption, Enforcement, and Private Right of Action for Legislators and Policymakers

WHY WE NEED THE EMERGING VOICE OF THE CISO IN WASHINGTON DC by Patrick Gaul

In this whitepaper, we look closely at why the voice of the CISO matters in Washington, D.C.

FIGHTING THE INVISIBLE HURRICANE—WHY A PUBLIC-PRIVATE CYBERSECURITY PARTNERSHIP SUPPORTS NATIONAL SECURITY by Larry Williams

Everyone—lawmakers, non-technical business stakeholders, and the public—needs to care about cybersecurity policy and how our efforts to strengthen the public-private partnership positively affect national security.

THIRD PARTY RISK MANAGEMENT: JUST THE RIGHT THING TO DO by Angela Dogan and Kevin Howarth

This whitepaper examines why more TPRM programs are not mature, what a mature program looks like, and how legislation, regulations, and standards help promote the adoption of mature TPRM programs across all organizations.

TOWARD COLLECTIVE DEFENSE: HOW DHS IS HELPING CISOS AND THE PRIVATE SECTOR PROTECT AGAINST CYBERATTACKS by Patrick Gaul, Executive Director, NTSC

This whitepaper reviews the DHS’s recent evolution and key priorities over the last year, gives an overview of what services DHS offers to help CISOs and security teams share cyber threat intelligence, and explains why participating with DHS helps strengthen a company’s security posture and improves national security.

STREAMLINING VENDOR IT SECURITY AND RISK ASSESSMENTS: A PERSPECTIVE ON STANDARDS-BASED ASSURANCE OF CLOUD PROVIDERS by Jim Reavis, Patrick Gaul, and Pete Chronis

This whitepaper recommends that businesses reduce their reliance on proprietary, in-house security assessment programs related to cloud computing. Instead, it urges businesses to leverage the CSA’s Security, Trust & Assurance Registry (STAR) program and its associated assurance tools as core components of vetting and procuring cloud providers and services.

PRIVACY IN EUROPE EXPLAINED FOR AMERICANS: PART I by Donna Gallaher, CISSP, C|CISO, CIPP/E, CIPM, FIP

Understanding the European view of data privacy outlined in this whitepaper may move the debate forward in the United States as well as position companies for both compliance and improved global consumer acceptance by adopting universally accepted privacy design standards.

PRIVACY IN EUROPE EXPLAINED FOR AMERICANS: PART II by Donna Gallaher CISSP, C|CISO, CIPP/E, CIPM, FIP

It is critical that we balance a fundamental right to privacy against the burdens placed on businesses, or the economy may suffer. The legislative considerations include ethics, economic impact, implementation, and enforcement challenges as discussed in greater detail in this whitepaper.

THINKING BEYOND PII: POLICY SOLUTIONS TO ADDRESS THE REAL CAUSES OF CYBERATTACKS by Jim McJunkin, Vice President & CISO, Discover Financial Services

In the United States, personally identifiable information (PII) is an excessive focus of most cybersecurity law, policy, and best practices from both the private sector and federal government. However, as the nature of cyberattacks grows more sophisticated, should PII remain our primary focus?

Sorry, no resources meet your search criteria