NTT Security is discussing the National Institute of Standards and Technology’s (NIST) updated Framework for Improving Critical Infrastructure Cybersecurity and the ISO framework to help security professionals gain a better grasp on how to harmonize frameworks and manage risk.
The company’s firsthand knowledge of the new NIST framework emanates from Shinichi Yokohama, Head of Cyber Security Integration at NTT Corporation, who played a significant role in making recommendations for the new proposed guidelines.
Mr. Yokohama has also been actively internationalizing the new NIST framework through numerous workshops for global enterprise companies and government agencies.
As the resident expert on NIST at NTT, Mr. Yokohama commented, “CISOs are constantly searching for the latest tools and framework to help them implement a more proactive and structured approach to cybersecurity. NIST is more focused on risk management best practices, where ISO is essentially a compliance-based framework. Our goal is to help CISOs and our industry partners understand the impact of implementing the NIST framework, which can potentially encompass an 18-month process for an Enterprise.”
One of the challenges in adapting to the new suggested guidelines for improved cybersecurity is navigating the differences between the new NIST framework and ISO 27001/1. A Peer2Peer session at RSA entitled, “Plan on Moving from ISO 27001/2 to NIST CSF? How? When?” presented by John Petrie, Global CISO for NTT Security, is being hosted here at RSA on Wednesday, April 18th to facilitate in-depth conversations between security professionals on this topic.
Additionally, NTT Security is delivering a regularly scheduled presentation in its RSA booth (#1315) throughout the course of the show entitled, “Managing Risk, Not Just Regulation” to further educate attendees on how they can best navigate these compliance frameworks to build a better risk framework for cybersecurity.
“NTT’s involvement with NIST is just another prime example of how we are formulating the new science of cybersecurity with numerous new initiatives built on higher levels of customer engagement, regionalization, unprecedented support from our global threat intelligence network and industry-leading R&D,” said Khiro Mishra, CEO, NTT Security Americas.
NIST released the latest draft of its Framework for Improving Critical Infrastructure Cybersecurity in December 2017.
The latest draft includes several essential changes to existing guidelines, especially concerning organizations’ self-assessment of cybersecurity risks affecting authorization, authentication, identity proofing and disclosure of vulnerabilities.
NTT Security is the specialized security company and the center of excellence in security for NTT Group. With embedded security we enable NTT Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs.Source: nttsecurity.com