img-description

News

The U.S. government recently released guidelines for addressing cybersecurity to help businesses protect both digital and physical assets.
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) aimed its guidelines for organizations, regulators and customers to create, guide, assess or improve comprehensive cybersecurity programs, responding to an executive from the President.
The February 2013 order called for the development of a voluntary, risk-based set of existing standards, guidelines and paractices to help organizations manage cyber risks in a cost-effective way….Organizations can use the guidelines to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity. It also offers a methodology to protect privacy and civil liberties to help organizations incorporate those protections into a comprehensive cybersecurity program.
NIST noted that the framework follows a year of work, but should still be considered a first step and a “living” document that will continue to be updated to track technology advances and lessons learned through its use…
The document recommends five core functions of any cybersecurity arrangement-to identify, protect, detect, respond and recover. The document then describes the way in which an organizations’s cybersecurity risk managament can meet its goals.
“the development of this framework has jumpstarted a vital converversation between critical infrastructure sectors and their stakeholders.” said NIST Director Patrick D. Gallagher. “They can now work to understand the cybersecurity issues they have in common and how those issues can be addressed in a cost-effective way without reinventing the wheel.”
NIST also released a “roadmap” vision to direct future efforts and ways to identify and address key areas for cybersecurity development, alignment and collaboration. This additional document said that NIST will continue to coordinate and work with industries and other government agencies to help organizations understand, use and improve the framework.
The insurance industry commented on the NIST’s document, stating that the “voluntary” framework will “help critical infrastructure owners and operators manage the risks posed by the ever-evolving cyber threat landscape.
Angela Gleason, associate counsel for the American Insurance Association (AIA), stated, “AIA commends NIST for is diligent and thoughtful work in the development of the framework and we appreciated the opportunity to provide input during the development process. The White House and Department of Homeland Security (DHS) are tasked with exploring methods to implement the adoption of the Framework and have indicated they will host a number of workshops and seek public comment through request for information on a number of topics. AIA looks forward to working with DHS as it begins to talk with insurance carriers and requests feedback from the public on how the government can help grow the cybersecurity insurance market.”
The cybersecurity insurance landscape has grown and changed dramatically in recent years, propelled in part by recognition f the risks and several high-profile data breaches.
(The above article is taken from The Standard: Issue February 21 Vol. 274 No.7

Want the latest in Insurance News & Tips?

Let us keep you up to date with our email updates including helpful guides, money saving strategies, and industry news.
  • This field is for validation purposes and should be left unchanged.

Other News