Seamless Security? Elevating Global Cyber Risk Management Through Interoperable Frameworks

“The Coalition to Reduce Cyber Risk (CR2) is calling for a global approach to cybersecurity risk management underpinned by interoperable frameworks,” said Alexander Niejelow, President of the CR2 Board of Directors and Senior Vice President of Cybersecurity Coordination and Advocacy for Mastercard. “Our companies recognize that good cybersecurity risk management rests on a common security baseline of practices as well as a common taxonomy and lexicon. By recognizing this common core as a global standard, companies can more effectively reduce risk as we work across multiple economies and sectors.”


Editor’s Note: Recently published by the Coalition to Reduce Cyber Risk (CR2) and highlighted by Amy Mahn of NIST on the Cybersecurity Insights blog, the Seamless Security white paper describes how international, national, and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users.

Press Announcement

Coalition to Reduce Cyber Risk Calls for a Global Cybersecurity Risk Management Standard

Today, February 26, 2020, the Coalition to Reduce Cyber Risk (CR2) released a white paper calling for a more coordinated global approach to cybersecurity risk management as countries put forward national frameworks for securing information systems and data. Specifically, CR2 encourages government regulators from all countries and all sectors of the global economy to leverage best-in-class international standards, such as ISO/IEC 27101 and ISO/IEC 27103, as the starting point for their approach to cybersecurity.

At the same time that global cyber threats increase in sophistication, the global digital supply chain links multinational companies with small and medium-sized businesses around the world. This type of interconnectedness necessitates an approach to cyber risk management that crosses industrial sectors as well as geopolitical borders.

The Seamless Security white paper describes how international, national and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users. It also reflects the collective experience of CR2 members that have worked with governments and internally to implement cyber risk management programs across dynamic global infrastructures and operations. It further highlights that globally recognized frameworks, standards, and approaches help companies manage and evaluate security at scale and focus on protecting their customers. Many of those cyber risk management approaches harness common security principles, desired outcomes, and controls through frameworks and sector-specific profiles.

“CR2 is calling for a global approach to cybersecurity risk management underpinned by interoperable frameworks,” said Alexander Niejelow, President of the CR2 Board of Directors and Senior Vice President of Cybersecurity Coordination and Advocacy for Mastercard. “Our companies recognize that good cybersecurity risk management rests on a common security baseline of practices as well as a common taxonomy and lexicon. By recognizing this common core as a global standard, companies can more effectively reduce risk as we work across multiple economies and sectors.”

The paper was released today at an event hosted by CR2 at Microsoft’s San Francisco offices. The event featured speakers from CR2 member companies and included representatives from the U.S. government, multiple foreign governments, and the private sector. The discussion focused on the findings and recommendations of the paper, as well as a strategy for operationalizing those recommendations.

The Coordinated Solution from the White Paper states:

“Numerous national governments and sectoral regulators have already adopted an approach that’s consistent with using ISO/IEC 27103 as the core of their cyber framework, reducing barriers to coordination and enabling cross-border, cross-sector cooperation to address shared cyber threats. 

We encourage government regulators from all countries and all sectors of the global economy to leverage ISO/IEC 27103 as the starting point for their approach to cybersecurity.  The consistency that a common baseline, taxonomy, and lexicon provide will enable government and industry alike to better mitigate threats to their organizations and to our societies as a whole.”

Read the complete press release at Coalition to Reduce Cyber Risk Calls for a Global Cybersecurity Risk Management Standard


White Paper

Seamless Security: Elevating Global Cyber Risk Management Through Interoperable Frameworks

Executive Summary

Global cyber threats are increasing in number and sophistication. For many organizations, addressing these threats requires effective cyber risk management and a web of partnerships across sectors and borders. Interconnectedness, including among global enterprises and small businesses integrated into global supply chains, intensifies the importance of more consistent or seamless approaches to security. In developing cybersecurity regulation and guidance documents, government policymakers can foster greater consistency, which has significant benefits not only for security operations but also for economic opportunity, by leveraging internationally recognized cyber risk management frameworks and their standard taxonomies and terminology. Such frameworks, including ISO/IEC 27103, provide a foundational security baseline that facilitates interoperability and cross-sector and cross-border coordination.

This paper describes how international, national, and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users. It also reflects the collective experience of Coalition to Reduce Cyber Risk (CR2) members that have worked with governments and internally to implement cyber risk management programs across dynamic global infrastructures and operations. We have learned that the adoption of globally recognized frameworks, standards, and approaches helps companies manage and evaluate security at scale and focus on protecting their customers. Many of those cyber risk management approaches harness common security principles, desired outcomes, and controls through frameworks and sector-specific profiles.

Read the Complete White Paper (PDF)

CR2 White Paper on Seamless Security - February 2020

Read the original white paper on Seamless Security

Source: ComplexDiscovery