A new cybersecurity framework unveiled by the Obama administration seeks to manage growing cyber risks, but industry groups warned that the number of qualified security specialists continues to lag behind threats to critical infrastructures.
“The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes,” the NIST report states. It also seeks to enable “organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.”
Industry groups praised the effort but noted that security professionals still aren’t equipped to cope with rapidly evolving cyber threats. “The lack of qualified information security professionals with the skills and knowledge to create, understand and implement such programs remains an area of improvement that must be further addressed,” W. Hord Tipton, executive director of the information security group(ISC)2, said in a statement.
“The success of the Cybersecurity Framework will depend on how quickly and effectively the area of workforce shortage is addressed,” Tipton added.
No comments:
Post a Comment