Regulating IT: The Two Most Important IT Security Takeaways from Cyber Regulations

The biggest challenge facing most companies today is IT security. The seemingly endless increase in cyber-attacks and password breaches is only the tip of the iceberg. Tightening regulations and compliance requirements around IT security, foreign conflicts whose effects now reach the average consumer, and the growing number of networkable devices all mean that organizations need to re-evaluate and reprioritize their IT risk and security spending.
Cyber-regulation is here, and it is here to stay. Advanced Persistent Threats now target traditionally consumer-oriented organizations, and networkable devices play an expanding role in virtually every sector, so it is critical for managers and leaders to understand the relevant cyber-related federal regulations and the lessons that any organization can take from implementing them properly.
Although compliance does not in itself guarantee security, it is a good starting point, especially when combined with the many best practices and guidelines that apply to most industries. There are many regulatory bodies and standards, including the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, IEC 61850, and ISA99, each of which is aimed at a specific industry. Many of these standards are voluntary, but regulations like NERC CIP are not. Such mandatory regulations introduce major changes that companies must quickly understand and comply with if they are to avoid painful government citations and fines.
Rather than wait for comparable requirements to be forced on them by law, a growing number of companies are voluntarily adopting and complying with a general IT security framework such as the Federal Information Security Management Act of 2002 (FISMA) and the controls it prescribes.

Policies and procedures:

Frameworks like FISMA help organizations establish policies and procedures that reduce information security risk in a cost-effective manner. Most importantly, this means a routine, repeatable approach to controls such as password management, which plays a critical role in an organization's information security health throughout the year. Other benefits include periodic risk assessments that evaluate the potential damage and disruption caused by unauthorized access, and procedures for detecting, reporting, and responding to security incidents. Beyond assessment, business continuity plans can be drawn up to ensure the resilience of the information systems that support an organization's operations and assets.

Training and Awareness:

Security awareness training for employees and vendors is a crucial element of proper enterprise security planning. Topics should include the security risks associated with day-to-day activities, proper password hygiene, and the dangers of reusing passwords.
It's our adherence to sound principles like these that has led us to create our solutions with features such as native password history capabilities within Access Manager. We focus on these types of features because security starts with your password, and it only takes one breach to seriously compromise an entire organization.
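The password history control mentioned above is easy to get wrong: if previous passwords are stored in a form that can be recovered, the history itself becomes a target, and if they are stored as unsalted hashes, an attacker who steals the history can check guesses against all of them at once. The following is an added illustration of the technique, not code from Access Manager or any other product on this page. It remembers only a salted, slow hash of each of the last N passwords (N and the PBKDF2 cost are assumed policy values), rejects a change that reuses any of them, and uses a constant-time comparison so the check does not leak which entry matched.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 5            # assumed policy: remember the last 5 passwords
PBKDF2_ITERATIONS = 100_000  # assumed cost; raise in production or use Argon2/scrypt
SALT_BYTES = 16


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of a password; only this digest is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordHistory:
    """Keeps (salt, digest) pairs for the last `depth` passwords, oldest first."""

    def __init__(self, depth: int = HISTORY_DEPTH) -> None:
        # deque(maxlen=...) silently evicts the oldest entry once the depth is reached,
        # so a password becomes usable again only after `depth` further changes.
        self._entries: deque = deque(maxlen=depth)

    def was_used(self, password: str) -> bool:
        """True if `password` matches any remembered previous password."""
        for salt, digest in self._entries:
            # Each entry has its own salt, so the candidate must be re-hashed per entry.
            candidate = _hash_password(password, salt)
            if hmac.compare_digest(candidate, digest):
                return True
        return False

    def record(self, password: str) -> None:
        """Add the (now current) password to the history."""
        salt = os.urandom(SALT_BYTES)
        self._entries.append((salt, _hash_password(password, salt)))

    def __len__(self) -> int:
        return len(self._entries)


def change_password(history: PasswordHistory, new_password: str,
                    min_length: int = 12) -> tuple:
    """Apply the policy checks; on success the new password is recorded.

    Returns (accepted, reason). The checks run before the history is updated so a
    rejected attempt does not pollute the history.
    """
    if len(new_password) < min_length:
        return False, "password is shorter than %d characters" % min_length
    if history.was_used(new_password):
        return False, "reuse of a previous password is not allowed"
    history.record(new_password)
    return True, "password changed"


if __name__ == "__main__":
    # Constructed sample session for one account with a history depth of 3.
    h = PasswordHistory(depth=3)
    for attempt in ["correct horse battery", "correct horse battery",
                    "second password 2024", "third password 2024!",
                    "fourth password 2024", "correct horse battery", "short"]:
        print("%-24s -> %s" % (attempt, change_password(h, attempt)))
```

Two design points worth noting. The per-entry salt means checking a candidate costs one slow hash per remembered password, which is the point: an attacker holding a stolen history pays the same cost per guess per entry. And because the history is a bounded deque, the oldest password drops out after `depth` changes, which matches how most directory services implement "remember N passwords"; if your policy also needs a minimum password age to stop users cycling through N changes in a minute, that is a separate check, not shown here.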
This blog was brought to you by Nervepoint Technologies and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT security, Lee developed the world's first open-source browser-based SSL VPN (SSL-Explorer). Today, Lee runs Nervepoint Technologies, a leader in Password Self-Service solutions.