Cyberspace has no borders, prompting government agencies and industry peers to develop collaborative strategies and frameworks to protect data and networks and to detect and recover from breaches. However, according to IBM, adopting those frameworks presents a challenge to cybersecurity leadership, as “organizations struggle to develop and maintain the necessary cybersecurity talent to detect, prevent and respond to advanced attacks.”
The talent-gap impact is reflected in a recent study that found nearly 3 out of 4 companies surveyed reported cyberbreaches in 2019. The same survey found that almost 70% attributed the security failures to their inability to recruit, hire and retain security professionals.
How Do Professionals Prepare for Future-proof Careers in Cybersecurity?
Implementing cybersecurity frameworks (CSF) at the organizational level requires security professionals who understand the concepts and principles of threats, vulnerabilities and controls. An advanced degree program that provides foundational cybersecurity skills helps professionals meet industry demand.
The University of Illinois Springfield (UIS) online Master of Science (MS) Cybersecurity Management program offers an Information Security course that provides this foundational expertise. The program dives into evolving issues surrounding governance and strategic policy creation, risk management and contingency planning. Graduates are equipped for top-level roles such as chief information security officer and cybersecurity management consultant.
Who Develops Collaborative Strategies for Mitigating Cyber Risks?
Dozens of global private-public partnerships establish CSF blueprints and provide organizations with best practices to assess their current security policies and processes, measure their effectiveness and identify vulnerabilities and opportunities for improvement. Framework adoption is voluntary, however.
Some governments — notably the European Union, North Korea and the People’s Republic of China — have stringent internet regulations separate from CSF. The National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, recently released an update to its existing framework. The new CSF 2.0 comprises a library of reference material that organizations can tailor to suit their cybersecurity needs. The adaptability also helps prepare for compliance and other IT audits.
“The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations — regardless of their degree of cybersecurity sophistication,” NIST notes.
The agency emphasizes how the advanced framework strengthens its existing recommendations to enable organizations to:
- Identify, assess and prioritize cybersecurity risks more effectively
- Allocate resources more efficiently to optimize risk management processes
- Build dynamic capabilities for threat detection, breach response and recovery
- Communicate within the organization and with business partners
- Improve stakeholder understanding and engagement
- Drive ongoing optimization by leveraging its flexible, adaptive structure
The shift to NIST CSF 2.0 “can be transformative for organizations of various sizes and sectors. It highlights the need for a strong cybersecurity stance in line with contemporary challenges and technological advancements,” according to Drata.
Why Are Organizations Adopting Proactive Incident Response and Cyberattack Preparedness Policies?
Cybercriminals’ global reach and success in exploiting targeted vulnerabilities have led security professionals to consider breaches inevitable. Frameworks, therefore, are placing additional emphasis on detecting and recovering from attacks on databases, networks, system files, configurations, user files, application code and customer data.
For instance, the National Cybersecurity Center of Excellence (NCCoE) collaborated with private sector enterprises to test data integrity challenges and model the NIST framework’s potential for detecting, mitigating and containing intrusions. The model provides guidance for establishing preparedness and incident response policies that:
- Develop an enterprise-wide understanding of reducing cyber risk to systems, assets, data and people
- Implement safeguards that ensure delivery of critical digital services
- Establish policies and procedures at all organizational levels to identify breaches
- Educate all personnel on channels for reporting cybersecurity incidents
- Develop and implement strategies for business continuity in the aftermath of a breach
“Applying the Cybersecurity Framework to data integrity, this practice guide informs organizations of how to quickly detect and respond to data integrity attacks by implementing appropriate activities that immediately inform about the data integrity events,” the NCCoE explains.
The online MS Cybersecurity Management program from UIS gives students the detection and response skills to protect their organizations from cyberthreats.