This question was posed by a Forbes Technology Council member who points out that, with the increase in devices connected to networks, cybersecurity has become part of every C-level executive's, staff member's and third-party vendor's role in helping to manage the risk of data exposure. This also means the focus must shift from IT teams concentrating strictly on locking down the perimeter to regular outside testing and ongoing mitigation of the vulnerabilities discovered. His proposed solution is the development of a universal framework of internationally recognized standards and processes for network risk.
We help our clients and resellers to use the NIST Cybersecurity Framework (CSF) or the International Standards Organization (ISO) standards to do this. By aligning to a recognized framework, organizations can not only identify holes in their current controls, processes or policies, but also achieve compliance and receive an attestation from a third-party auditor like Foresite that can be shared with stakeholders to show that they are addressing cybersecurity concerns. These attestations are widely accepted in lieu of completing individual questionnaires from each customer.
What do you think? Are the current guidelines sufficient, or do we need a new universal standard?