Beyond Mere Compliance

Too often we continue to see executives whose approach to cybersecurity - compliance rather than protection - is strikingly similar to that of the ill-advised business owner whose minimal fire protection is designed only to meet the building code.
It's clear that Kemba Walden, the nation's acting national cyber director, is committed to a fundamental change in our approach to cybersecurity - a focus on investments in tools and skills that provide protection, not mere compliance that allows executives to check a box.
In her keynote address at BlackHat 2023 in early August, Walden straightforwardly laid out the Biden Administration's vision of a National Cybersecurity Strategy, one based on the adoption of the right cybersecurity tools and the deployment of the best people.
Seasoned cybersecurity professionals recognize the challenge that Walden and her team are addressing.
In the securities industry, the number and sophistication of threats from bad actors plainly are rising at the same time that the Securities and Exchange Commission is nearing release of a regulatory framework that will govern the industry's cybersecurity responsibilities.
In response to the growing threat, the SEC in 2022 proposed stronger rules on cybersecurity protection as well as on the process for reporting breaches.
The big players in the securities industry generally have strong cybersecurity teams.
While many commenters suggested changes to improve the proposals - providing more time for companies to disclose a breach, for example - many opponents simply wrote off the stronger cybersecurity rules as onerous, expensive and unneeded.
In the wealth-management sector - and, frankly, across the business world - decisions about investment in cybersecurity expertise and technology continue to be made by executives who don't have a deep understanding of cybersecurity issues.
At its heart, cybersecurity is simply a matter of managing and mitigating risk.
Cybersecurity experts themselves can handle the technical details that cause C-level executives to nod off during boardroom presentations.
Every executive understands that managers must mitigate business risk, and that is what cybersecurity leaders need to be talking about.
In order to truly optimize an organization's risk management, strategy and spending on cybersecurity should always be derived from the organization's risk profile.
One of the most important lessons that cybersecurity professionals can share with top managers is this: No system in the world is completely secure and safe from hacking. Intruders will eventually get in, so the measure of a defense is how quickly they are detected and expelled.
Quick expulsion is possible only when cybersecurity professionals keep a constant eye on the system in real time, not when organizations rely on tools that produce a look-back report covering the previous day, week or month.
Sleepless nights will be even more common among cybersecurity professionals in industries that are heavily regulated like financial services.
Leaders of the cybersecurity industry talked a lot about workforce development during BlackHat 2023, both in the formal presentations and in informal conversations over a cup of coffee.
Today, many worry that AI will dramatically reduce the need for human expertise in cybersecurity.
Yet cybersecurity professionals will survive and thrive in the world of AI as they upgrade their skills and seek out new opportunities to put those skills to work.
Cybersecurity professionals who sharpen their skills in ways that allow them to provide risk-analysis and risk-mitigation to top leaders of organizations will continue to thrive.


This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Tue, 26 Dec 2023 06:13:05 +0000