With a growing number of high-profile companies becoming the targets of devastating hacks and data security breaches, it’s imperative that organizations double down on their IT security defenses. In the U.S., collaborative information sharing on cyber threats between the private sector and the government is also becoming a bigger piece of the puzzle, thanks to a new measure rolling out from the Oval Office.
President Barack Obama’s newly signed cybersecurity executive order aims to bridge that gap, opening a dialogue for tighter security and enacting a nationwide initiative to strengthen the system as a whole. Here’s a breakdown of the main takeaways from the Presidential order and a look at key standards in information security.
The Cybersecurity Order: Parsed
In a nutshell, President Obama’s order promotes the sharing of intelligence on cybersecurity issues — both across the private sector and, more notably, between the private sector and the federal government. The idea is to create better collaboration between U.S. companies and the government to help identify and prevent emerging cyber attack threats.
Through the Department of Homeland Security, a non-profit organization is being created to develop a set of voluntary standards to be used across the cybersecurity info-sharing community. The objective here is to help streamline coordination in the private sector, then use that as a springboard to create more direct engagement between the private sector and government agencies.
One important way the order will deepen the level of private and governmental collaboration is through granting greater and speedier access to classified cyber threat information to approved organizations, as determined by the DHS. Once approved, organizations will have better access to classified details that can help shore up security and aid in the defense against data breaches.
To address public concerns, the executive order includes “strong protections” for privacy and civil rights. This includes the establishment of standards to aid in ensuring privacy and protection for organizations and individuals involved. The order, however, doesn’t yet outline specific mechanisms for how this will be put in effect.
Important security standards and regulations
If your company needs to get up to speed on U.S. security standards and best practices, here’s a quick glance at several key regulation sets that directly relate to corporate operations.
ISO/IEC 2700 – 2706: This family of standards focuses on information security management systems and, more specifically, how companies can best design, implement, and measure these critical systems successfully.
NIST: While the National Institute of Standards and Technology’s 800 series was originally designed for federal agencies, the valuable information security advice and best practices it contains can all easily be applied to the corporate business realm.
Sarbanes-Oxley Section 404: The 2002 Sarbanes-Oxley Act created a new set of standards for corporate accountability, and Section 404 specifically delves into the evaluation of internal security controls for both public and private corporate entities.
Get ahead of the cybersecurity curve
Don’t wait until your company is vulnerable or under attack! Download our free white paper outlining the state of cybersecurity in 2015 and how your organization can meet these challenges head-on.