Sun. Aug 14th, 2022

    Editor’s Note: Recently published by the Coalition to Reduce Cyber Risk (CR2) and highlighted by Amy Mahn of NIST on the Cybersecurity Insights blog, the Seamless Security white paper describes how international, national, and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users.

    Press Announcement

    Coalition to Reduce Cyber Risk Calls for a Global Cybersecurity Risk Management Standard

    Today, February 26, 2020, the Coalition to Reduce Cyber Risk (CR2) released a white paper calling for a more coordinated global approach to cybersecurity risk management as countries put forward national frameworks for securing information systems and data. Specifically, CR2 encourages government regulators from all countries and all sectors of the global economy to leverage best-in-class international standards, such as ISO/IEC 27101 and ISO/IEC 27103, as the starting point for their approach to cybersecurity.

    At the same time that global cyber threats increase in sophistication, the global digital supply chain links multinational companies with small and medium-sized businesses around the world. This type of interconnectedness necessitates an approach to cyber risk management that crosses industrial sectors as well as geopolitical borders.

    The Seamless Security white paper describes how international, national and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users. It also reflects the collective experience of CR2 members that have worked with governments and internally to implement cyber risk management programs across dynamic global infrastructures and operations. It further highlights that globally recognized frameworks, standards, and approaches help companies manage and evaluate security at scale and focus on protecting their customers. Many of those cyber risk management approaches harness common security principles, desired outcomes, and controls through frameworks and sector-specific profiles.

    “CR2 is calling for a global approach to cybersecurity risk management underpinned by interoperable frameworks,” said Alexander Niejelow, President of the CR2 Board of Directors and Senior Vice President of Cybersecurity Coordination and Advocacy for Mastercard. “Our companies recognize that good cybersecurity risk management rests on a common security baseline of practices as well as a common taxonomy and lexicon. By recognizing this common core as a global standard, companies can more effectively reduce risk as we work across multiple economies and sectors.”

    The paper was released today at an event hosted by CR2 at Microsoft’s San Francisco offices. The event featured speakers from CR2 member companies and included representatives from the U.S. government, multiple foreign governments, and the private sector. The discussion focused on the findings and recommendations of the paper, as well as a strategy for operationalizing those recommendations.

    The Coordinated Solution from the White Paper states:

    “Numerous national governments and sectoral regulators have already adopted an approach that’s consistent with using ISO/IEC 27103 as the core of their cyber framework, reducing barriers to coordination and enabling cross-border, cross-sector cooperation to address shared cyber threats. 

    We encourage government regulators from all countries and all sectors of the global economy to leverage ISO/IEC 27103 as the starting point for their approach to cybersecurity.  The consistency that a common baseline, taxonomy, and lexicon provide will enable government and industry alike to better mitigate threats to their organizations and to our societies as a whole.”

    Read the complete press release at Coalition to Reduce Cyber Risk Calls for a Global Cybersecurity Risk Management Standard


    White Paper

    Seamless Security: Elevating Global Cyber Risk Management Through Interoperable Frameworks

    Executive Summary

    Global cyber threats are increasing in number and sophistication. For many organizations, addressing these threats requires effective cyber risk management and a web of partnerships across sectors and borders. Interconnectedness, including among global enterprises and small businesses integrated into global supply chains, intensifies the importance of more consistent or seamless approaches to security. In developing cybersecurity regulation and guidance documents, government policymakers can foster greater consistency, which has significant benefits not only for security operations but also for economic opportunity, by leveraging internationally recognized cyber risk management frameworks and their standard taxonomies and terminology. Such frameworks, including ISO/IEC 27103, provide a foundational security baseline that facilitates interoperability and cross-sector and cross-border coordination.

    This paper describes how international, national, and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users. It also reflects the collective experience of Coalition to Reduce Cyber Risk (CR2) members that have worked with governments and internally to implement cyber risk management programs across dynamic global infrastructures and operations. We have learned that the adoption of globally recognized frameworks, standards, and approaches helps companies manage and evaluate security at scale and focus on protecting their customers. Many of those cyber risk management approaches harness common security principles, desired outcomes, and controls through frameworks and sector-specific profiles.

    Read the original white paper on Seamless Security

    Source: ComplexDiscovery

     
