Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/13/2017
10:30 AM
Stephen Horvath
Stephen Horvath
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Leverage the Rosetta Stone of Information Sharing

A common framework will help in the development of cyber-risk management efforts.

"What threats are you seeing?"

"What tool did you buy?"

"Did you know an exploit for that vulnerability is in the wild?" 

Do these questions sound familiar? If you're a cybersecurity practitioner, they likely do. Historically, many organizations conduct information sharing that sounds a lot like this.

Unfortunately, these conversations are limited in scope and confined to a specific security concern, which means they rarely expand across multiple teams to achieve true organizational collaboration. You'll usually see governance folks talking to other governance folks, or security operations teams reaching out to other security operations teams.

These siloed conversations hinder an enterprise-wide ability to see the big cybersecurity picture. The good news is that cyber practitioners no longer have to take part in the same old song and dance.

With the recent mandate for public sector organizations to use the National Institute of Standards of Technology (NIST) Cybersecurity Framework (CSF) combined with increased adoption expected of the private sector, we have reached a potential tipping point for information sharing. The entire cybersecurity community — across the public and private sectors — can work together in developing more effective cyber-risk management processes that benefit everyone involved.

Redefining Information Sharing across the Enterprise
In May, the much-anticipated Cyber Executive Order called for broader adoption of the NIST CSF, which was initially introduced in 2014 to help critical infrastructure organizations manage cyber-risk more effectively.

The adoption rate of the NIST CSF has been strong. Gartner estimates that about 30% of U.S. organizations embraced the CSF in the first two years it was available, and forecasts expect that number to hit 50% by 2020.

A recent survey of attendees at this year's Amazon Web Services (AWS) Public Sector Summit found widespread support for the NIST CSF, with 80% saying that it effectively helps organizations manage risk. One of the drivers for this support is the desire for a common set of cybersecurity standards across both the public and private sectors. A remarkable 96% of those surveyed said a common language would benefit their organization.

Why is there such strong support for the NIST CSF and common standards? Well, it essentially solves the usual problems surrounding enterprise-wide information sharing. Matt Barrett, program manager for the NIST CSF, in a recent Q&A with our CSO, Rick Tracy, said that the CSF's purpose is "a way of bridging the gap between cybersecurity professionals and people who are experts in other fields."

The CSF provides a way for everyone, at every level of an organization, to understand cybersecurity in terms that are widely accepted, changing the tune of the typical cybersecurity dialog. Internally, this means that IT professionals from the server room can have an effective, worthwhile conversation with executives in the boardroom. 

In other words, it creates a universal language for cybersecurity. Similar to Rosetta Stone software making it easy to quickly learn a new language, the CSF provides a simple way for anyone to quickly pick up the intricacies of cybersecurity and a robust cyber-risk management plan. 

The CSF becomes the common lexicon that adds sorely needed context, especially when discussing gaps in security defenses and residual risks. In some cases, conversations are not enough if you don't understand the place your colleagues are coming from. As enterprises aim to improve their cyber-risk management processes, information sharing will take on new depth and meaning, empowered by a common language that is understandable both vertically within organizations as well as horizontally among other companies.

Automation Encourages Enterprise-Wide Collaboration
Despite the fact that the CSF has received significant support in the public sector, too many organizations in both the public and private sectors still see it as "just another framework" because they've seen many previous attempts at developing a common cybersecurity language fall to the wayside.

This is due in part to headaches associated with compliance. That same survey asked participants to name their biggest compliance challenge and two rose above the rest — 46% percent said it takes too much time and 45% said it is too complex. These responses were not surprising, unfortunately. Time and complexity are the compliance woes that have plagued cybersecurity leaders for years, and have inhibited any sustained efforts to modernize, innovate, and develop a much-need common cybersecurity language.

Thanks to technology improvements, the answer to overcoming those compliance hurdles has arrived in the form of automation. Organizations are now able to automate compliance standards such as the NIST CSF, which leads to dramatic savings in cost and time. By doing so, there can be an added focus on empowering employees to spend their time on more critical tasks, like responding to threats and risks. Similarly, automation frees up resources that can instead be devoted to innovation, research, and training.

Truly forward-leaning organizations with a focus on security that want to alleviate the burdens of complex compliance activities can implement automated processes that can reduce the time and effort needed by half.

Despite the challenges associated with compliance, automation presents an opportunity to streamline the compliance process. It's time that organizations become empowered to better utilize technologies that vastly improve cyber-risk management and allow for the necessary collaboration that will drive the future of cybersecurity. 

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry's most knowledgeable IT security experts. Check out the INsecurity agenda here.

 

Stephen Horvath is Vice President of Strategy and Vision at Telos Corporation, a leading provider of continuous security solutions and services for the world's most security-conscious agencies and organizations. Within this role, he is responsible for leading the development ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8904
PUBLISHED: 2020-08-12
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (en...
CVE-2020-8905
PUBLISHED: 2020-08-12
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of ...
CVE-2020-12106
PUBLISHED: 2020-08-12
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.
CVE-2020-12107
PUBLISHED: 2020-08-12
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.
CVE-2020-7374
PUBLISHED: 2020-08-12
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user ...