Much of the new cybersecurity strategy addresses critical infrastructure companies, which were already in the administration's crosshairs, but software creators are also facing the prospect of a much greater degree of liability than in the past.
If your current system isn’t capable of tracking and assessing different user variables online, chances are your business isn’t fully prepared to stop a determined attacker. What layers is your cybersecurity strategy missing?
To a great degree the strategic plan builds on the previously published CISA Strategic Intent and formalizes a number of cybersecurity strategy initiatives the agency is already well underway with.
With cybersecurity professionals spending as much as 30% of their time chasing down groundless reports of risky behavior or unauthorized data access, false positives are becoming a big problem for many organizations.
Three common problems regularly hold back cybersecurity strategies – not testing enough, not resolving or disclosing known vulnerabilities, and not having proper security programs in place to measure testing effectiveness.
The National Cybersecurity Strategy Implementation Plan (NCSIP) establishes 65 high-impact initiatives that agencies will be required to meet within set timelines for each. A greater degree of public-private partnership is also being promoted.