NTSC Whitepapers

NTSC Whitepaper Library

NTSC whitepapers feature original thought leadership, CISO analysis and perspectives, and leading expert viewpoints about important technology security trends, challenges, and issues pertaining to national cybersecurity policy.

TOWARD COLLECTIVE DEFENSE: HOW DHS IS HELPING CISOS AND THE PRIVATE SECTOR PROTECT AGAINST CYBERATTACKS by Patrick Gaul, Executive Director, NTSC

This whitepaper reviews the DHS’s recent evolution and key priorities over the last year, gives an overview of what services DHS offers to help CISOs and security teams share cyber threat intelligence, and explains why participating with DHS helps strengthen a company’s security posture and improves national security.

STREAMLINING VENDOR IT SECURITY AND RISK ASSESSMENTS: A PERSPECTIVE ON STANDARDS-BASED ASSURANCE OF CLOUD PROVIDERS by Jim Reavis, Patrick Gaul, and Pete Chronis

This whitepaper recommends that businesses reduce their reliance on proprietary, in-house security assessment programs related to cloud computing. Instead, it urges businesses to leverage the CSA’s Security, Trust & Assurance Registry (STAR) program and its associated assurance tools as core components of vetting and procuring cloud providers and services.

PRIVACY IN EUROPE EXPLAINED FOR AMERICANS: PART I by Donna Gallaher, CISSP, C|CISO, CIPP/E, CIPM, FIP

Understanding the European view of data privacy outlined in this whitepaper may move the debate forward in the United States as well as position companies for both compliance and improved global consumer acceptance by adopting universally accepted privacy design standards.

PRIVACY IN EUROPE EXPLAINED FOR AMERICANS: PART II by Donna Gallaher CISSP, C|CISO, CIPP/E, CIPM, FIP

It is critical that we balance a fundamental right to privacy against the burdens placed on businesses, or the economy may suffer. The legislative considerations include ethics, economic impact, implementation, and enforcement challenges as discussed in greater detail in this whitepaper.

THINKING BEYOND PII: POLICY SOLUTIONS TO ADDRESS THE REAL CAUSES OF CYBERATTACKS by Jim McJunkin, Vice President & CISO, Discover Financial Services

In the United States, personally identifiable information (PII) is an excessive focus of most cybersecurity law, policy, and best practices from both the private sector and federal government. However, as the nature of cyberattacks grows more sophisticated, should PII remain our primary focus?

Sorry, no resources meet your search criteria