In most countries and economic sectors, organizations have traditionally faced few cybersecurity regulations. However, as the cybersecurity threat has worsened and the dependence on IT has grown, nations are increasingly turning to regulation as a method to improve their security. Yet, implementing effective regulations is not easy and governments could easily cause more harm than good. This article lays out five principles governments should follow to create more effective regulations: creating standards of care that vary by industry, criticality, and size; limiting complexity in any regulations; reallocating the security burden to the organizations in the ecosystem best positioned to handle it; avoiding zero-tolerance for failure; and harmonizing the rules across industries and jurisdictions whenever possible. Following these principles would produce regulations more likely to achieve the desired outcome of a more secure digital ecosystem.
Author: Michael Daniel
Cyber Incident Reporting Framework: Global Edition
Last fall, multiple industry organizations led by the Cyber Threat Alliance (CTA) and the Institute for Security and Technology (IST) came together to provide input regarding cyber incident reporting for US entities. This group identified a set of principles and developed a model reporting format that the Cybersecurity [...]