While recent years have seen a spike in new forms of cyber attacks that increasingly threaten not only governments but also companies, information security management has just received a boost.
On May 11, 2017, US President Donald Trump signed an executive order meant to fortify federal government cyber security measures and guard critical infrastructure from attacks. What is this new measure’s impact on the cybersecurity landscape and what does this mean for your business?
Impact on the cyber security landscape
The White House order aims to enhance the network security of US government agencies, which have recently drawn criticism over breaches of sensitive data.
The measure also seeks to strengthen the protection of critical infrastructure such as energy grids and the financial sector by countering botnets and other automated, distributed threats, electricity disruptions, and other cyber attacks that may pose a threat to national security.
The particulars include requiring the heads of federal agencies to use the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity to evaluate and manage their outstanding cyber risks.
Federal agencies have been given 90 days to craft and submit to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) a report detailing their plan to implement this framework. This requirement addresses a gap left by the previous administration, which urged the private sector to use the NIST framework without requiring the same of federal agencies.
The executive order furthermore calls on government agencies to develop the cyber capabilities of their workforce. It also requires an assessment of the impact of a significant move by these agencies towards shared information technology environments such as cloud-based services. Lastly, the executive order encourages market transparency and partnerships with the private sector to improve cyber defence capabilities.
The Trump EO’s effect on your business
Building on work begun under the previous administration, Trump’s executive order has received mostly positive reviews from both the Governance, Risk and Compliance (GRC) industry and cyber security experts.
Given that most US critical infrastructure is owned and operated by the private sector, observers expect the measure to focus on partnering with private companies to raise their cyber capabilities rather than on imposing more regulations and stiff penalties.
Indeed, by developing a more coherent cyber security policy with consequences for both the public and private sectors, Trump’s executive order will prove beneficial for businesses. With Trump favouring private-sector-oriented cyber security solutions, the new executive order offers a golden opportunity for your business.
At the same time, the federal government’s serious push towards addressing cyber security issues should also serve as an impetus for your company to take concrete steps to improve your cyber security capabilities.
What your business should do
Your business can put in place sound corporate policies and guidelines that comply with the new executive order and other federal and state cyber security legislation. It would be best to conduct internal compliance and risk assessments following the NIST framework to determine your vulnerability to cyber attacks, followed by periodic auditing of your cyber security controls.
Such a review should include ensuring compliance with industry standards and best practices. By assessing your company’s vulnerabilities and regularly testing and updating your cyber security practices and programs, potential risks are minimised. With the threats evaluated, your business can train your employees to ensure that cyber security measures are actually implemented.
You should plan a coordinated cyber incident response for your whole company, establishing clear protocols for common as well as unexpected forms of cyber attack. This includes setting up quick-reaction teams tasked with handling cyber attacks and following processes formulated in advance, so that these do not have to be devised while under attack.
Your business should ensure that top executives are properly informed about the company’s cyber security risks and the measures being undertaken to address them. Cyber security is an investment. It should be impressed upon the company leadership team that best security practices need to be adequately funded. This will allow for routine compliance measures as well as proactive testing of security systems in anticipation of more sophisticated attacks.
All in all, this means taking steps to implement best cyber security practices and ensuring that these are reflected in existing company rules as well as in internal controls and operating processes. For example, it is advisable to collect only the information from clients and company personnel that business operations need, and to retain it only for as long as it is required.
Data storage should also be protected from the risk of exposure outside the organisation. With a layered defence approach, sensitive information can be stored separately from data that does not need the same level of security.
StandardFusion as the solution
StandardFusion, a cloud-based integrated management system, is a service provider that can cater to your cyber security needs in an ever-evolving cyber security landscape. Designed as an easy-to-use and approachable solution for security and compliance, StandardFusion features a minimalist and clean design that is accessible from any desktop browser or mobile device with internet access.
StandardFusion will prove to be a welcoming tool for users new to the Governance, Risk and Compliance (GRC) industry thanks to its easy, understandable interface. Users experienced with audits and compliance will meanwhile benefit from its ability to perform gap analysis against multiple standards, control analysis, and risk analysis using both quantitative and qualitative risk calculations. Our software automatically creates the risk outputs necessary for compliance with standards such as ISO 27001, including a risk register and a statement of applicability.
StandardFusion is the tool of choice for companies embracing the changes brought about by the new administration’s executive order on cybersecurity.