Expert: Make Cybersecurity Enterprisewide

The nation is experiencing and will continue to experience constant, serious, well-financed and organized cyber attacks, warns Pat Toth, information security specialist at the National Institute of Standards and Technology.


The nation is experiencing and will continue to experience constant, serious, well-financed and organized cyber attacks, warns Pat Toth, information security specialist at the National Institute of Standards and Technology.

At the Safeguarding Health Information conference in Washington, Toth noted the attacks come from “people who really intend to compromise our federal information systems.” But it isn’t just federal systems at risk--high schools, private businesses and everyone else are at risk, she adds. “We need to protect information at every level. Ninety percent of the information infrastructure is owned outside the federal government.”

To protect themselves, organizations must integrate cybersecurity into their enterprise I.T. architecture and into every step of an information system’s life cycle, Toth advises. “You need enterprise risk-based protection strategies unified into a security framework.”

In that framework, equal emphasis is necessary for such issues as selection of security controls, implementation, assessment, monitoring and authorization of information systems, she contends. Organizations need to appoint a risk executive to take control of cybersecurity, and increase use of automation for improved consistency of protections and reporting.

NIST has created and published on its Web site a Risk Management Framework to aid any type of organization in improving its cybersecurity. The site includes in-depth documents, as well as “Quick Start Guides,” which are similar to Cliff Notes. The framework and additional information is available at www.csrc.nist.gov. NIST also offers one-day training courses on each step of the framework and expects in June to launch online courses.

--Joseph Goedert

 

More for you

Loading data for hdm_tax_topic #reducing-cost...