RSAC Overwhelming? NIST and CForum Offer a Framework for Battling Cybersecurity

April 28, 2015

The RSA Conference can be overwhelming. With hundreds of sessions and more than 400 exhibitors, there is enough going on to make even seasoned security professionals’ heads spin. The show dynamics mirror an industry that is growing exponentially and now provides a dizzying array of solutions for security and IT professionals to consider and an equally dizzying set of standards for companies to adhere to.

In this environment, how do companies avoid a whack-a-mole approach to securing important IP, personally identifiable information (PII), and more from both insider and external threats? And how can they ensure they are complying with all of the best practices and standards that are required of them?

This was a key problem discussed at a session on the final day of RSA last week called “A community driven solution to cybersecurity challenges.”

To illustrate the problem, there are more than 450 commonly used standards and practices worldwide that organizations, depending on their industry affiliations, may want to consider before buying solutions that meet their needs. Add to this the confusion created by multiple frameworks often used in parallel in companies, resulting in misaligned reports and internal strife.

In an attempt to provide a flexible solution, and in response to the President’s Executive Order, the National Institute of Standards and Technology (NIST) issued the Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014, based on extensive public input gathered through a series of NIST-hosted workshops. It is meant to offer a flexible approach that can be integrated with other risk and compliance management frameworks. Its purpose also includes helping organizations with inconsistent risk management practices or limited resources to take a step in the right direction.

CForum expands on the information sharing that occurred during the development of the Cybersecurity Framework released by NIST. The not-for-profit CForum is a nascent effort to give organizations in key verticals a way to exchange best practices and information and to share their approaches to using the newly created framework. RSA, the security division of EMC (NYSE:EMC), has joined CForum as a founding member and lends it additional credibility. There are case studies from Intel and The American Water Works Association and additional support from G2, ISACA, Council on Internet Security, and the Department of Homeland Security.

As your organization considers a best practice approach to your security strategy, and tools to secure your environment, the NIST framework and forum may help you focus your organization’s approach.

As you go through this process, you’ll want to consider Cryptzone’s dynamic, context-aware network, application and content security solutions. Cryptzone’s AppGate provides an in-depth approach for managing privileged user access that is easy to deploy and takes both context and identity into consideration before granting access. AppGate begins with strong identification using two-factor authentication, such as one-time passwords (OTP) and creates secure, service-specific tunnels to authorized applications and resources based on a context-aware understanding of a user’s attributes including their role, location and device. Most importantly, it renders non-authorized resources invisible and inaccessible to the user to limit damage from outside and inside threats.

Because cybercriminals routinely acquire privileged user credentials to launch their attacks, AppGate should be considered a cornerstone solution for securing access to networks and services, regardless of the security framework you use. Find out more about AppGate.
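The access model the two preceding paragraphs describe, stated as code so the defensive properties are visible: a second factor must be completed before any authorization is considered, each service is checked against the user's role, location and device posture, every path that is not an explicit match denies, and the resource catalogue a user sees contains only the services that same check would allow. This is an added illustration written for this page, not Cryptzone's or AppGate's own code; the service names, roles, locations and user records are constructed placeholders.

```python
"""Deny-by-default, context-aware access decisions (added example).

Assumptions, not taken from the page: the policy table, the service names
("payroll-db", "wiki", "prod-ssh"), the role and location vocabulary, and the
sample sessions below are all constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Context:
    """Attributes known about a session at decision time."""
    user: str
    roles: frozenset
    location: str          # e.g. "office", "home", "unknown"
    device_managed: bool   # device is enrolled and passes posture checks
    otp_verified: bool     # second factor completed for this session


@dataclass(frozen=True)
class ServicePolicy:
    """What a single service requires before a tunnel may be opened."""
    roles: frozenset
    locations: frozenset
    require_managed_device: bool = True


# Constructed sample policy (hypothetical services and requirements).
POLICY: Dict[str, ServicePolicy] = {
    "payroll-db": ServicePolicy(frozenset({"finance-admin"}), frozenset({"office"})),
    "wiki": ServicePolicy(
        frozenset({"employee", "contractor"}),
        frozenset({"office", "home"}),
        require_managed_device=False,
    ),
    "prod-ssh": ServicePolicy(frozenset({"sre"}), frozenset({"office", "home"})),
}


def evaluate(ctx: Context, service: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Any path that is not an explicit match denies."""
    if not ctx.otp_verified:
        # A password alone, however it was obtained, never reaches authorization.
        return False, "second factor not completed"
    policy = POLICY.get(service)
    if policy is None:
        return False, "unknown service"  # default deny for anything not in policy
    if not (ctx.roles & policy.roles):
        return False, "role not permitted"
    if ctx.location not in policy.locations:
        return False, f"location {ctx.location!r} not permitted"
    if policy.require_managed_device and not ctx.device_managed:
        return False, "unmanaged device"
    return True, "ok"


def visible_services(ctx: Context) -> List[str]:
    """The catalogue a user sees: only the services the same check would allow."""
    return sorted(s for s in POLICY if evaluate(ctx, s)[0])


def audit_record(ctx: Context, service: str) -> Dict[str, object]:
    """A structured decision record suitable for forwarding to a SIEM."""
    allowed, reason = evaluate(ctx, service)
    return {
        "user": ctx.user,
        "service": service,
        "location": ctx.location,
        "device_managed": ctx.device_managed,
        "otp_verified": ctx.otp_verified,
        "decision": "allow" if allowed else "deny",
        "reason": reason,
    }


if __name__ == "__main__":
    # Constructed sample sessions.
    alice = Context("alice", frozenset({"finance-admin", "employee"}), "office", True, True)
    stolen = Context("alice", frozenset({"finance-admin", "employee"}), "unknown", False, False)
    for ctx in (alice, stolen):
        print(ctx.user, ctx.location, visible_services(ctx), audit_record(ctx, "payroll-db"))
```

The denial reason is returned rather than only logged so that the same function serves both enforcement and the audit trail; in practice the reason string should go to the log and a generic message to the user, and the `location` and `device_managed` attributes would come from the gateway's own measurements rather than from the client.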


Philip Marshall

As Cryptzone’s Director of Product Marketing, Phil Marshall brings over 14 years of experience in both product and services marketing as well as 10+ years of experience in the high-tech publishing space with publications including Dr. Dobb’s Journal and Byte magazine. Prior to joining Cryptzone, Phil worked at security firms Rapid7, Positive Technologies and RSA. He was also a Senior Product Marketing Manager at Black Duck, the leading open source governance and management firm.

A speaker at recent (ISC)2 and ISACA conferences, he has participated in numerous webinars and panel discussions and has presented on topics including Identity Security, Application Security and Open Source Governance and Management.

Marshall earned a BA at Bates College and an MBA, cum laude, at the F.W. Olin Graduate School of Business at Babson College.
