This year at RSA 2018, NTT Security is discussing the National Institute of Standards and Technology’s (NIST) updated Framework for Improving Critical Infrastructure Cybersecurity and the ISO framework to help security professionals gain a better grasp on how to harmonize frameworks and manage risk.
The company’s firsthand knowledge of the new NIST framework emanates from Shinichi Yokohama, Head of Cyber Security Integration at NTT Corporation, who played a significant role in making recommendations for the new proposed guidelines. Mr. Yokohama has also been actively internationalizing the new NIST framework through numerous workshops for global enterprise companies and government agencies.
As the resident expert on NIST at NTT, Mr. Yokohama commented, “CISOs are constantly searching for the latest tools and framework to help them implement a more proactive and structured approach to cybersecurity. NIST is more focused on risk management best practices, where ISO is essentially a compliance-based framework. Our goal is to help CISOs and our industry partners understand the impact of implementing the NIST framework, which can potentially encompass an 18-month process for an Enterprise.”
One of the challenges in adapting to the new suggested guidelines for improved cybersecurity is navigating the differences between the new NIST framework and ISO 27001/2. A Peer2Peer session entitled, “Plan on Moving from ISO 27001/2 to NIST CSF? How? When?” presented by John Petrie, Global CISO for NTT Security, is being hosted here at RSA on Wednesday, April 18th to facilitate in-depth conversations between security professionals on this topic.
Additionally, NTT Security is delivering a regularly scheduled presentation in its RSA booth (#1315) throughout the course of the show entitled, “Managing Risk, Not Just Regulation” to further educate attendees on how they can best navigate these compliance frameworks to build a better risk framework for cybersecurity.
“NTT’s involvement with NIST is just another prime example of how we are formulating the new science of cybersecurity with numerous new initiatives built on higher levels of customer engagement, regionalization, unprecedented support from our global threat intelligence network and industry-leading R&D,” said Khiro Mishra, CEO, NTT Security Americas.
After extensive coordination with the public and private sectors such as NTT Corporation, NIST released the latest draft of its Framework for Improving Critical Infrastructure Cybersecurity in December 2017. The latest draft includes several essential changes to existing guidelines, especially concerning organizations’ self-assessment of cybersecurity risks affecting authorization, authentication, identity proofing and disclosure of vulnerabilities. As a stand-alone reference, the framework offers a common and understandable lexicon for cybersecurity risk management: Identify, Protect, Detect, Respond and Recover.
According to NIST, the newest framework is simply guidance for critical infrastructure organizations to voluntarily implement based on existing standards, guidelines and best practices. This new second draft is fully compatible with Version 1.0 and can be used as the basis for communication between organizations.