Cyber Threats & Solutions
(ISC)² delivers cybersecurity workforce recommendations to White House Chief of Staff
Imperva executive urges U.S. companies to evaluate pending EU cyber regulation
ALEXANDRIA, VA, April 19, 2017 – (ISC)²® today announced a set of recommendations for the Trump Administration to consider as it approaches its 100th day in office. The recommendations were delivered to White House Chief of Staff and others on President Trump’s team in order to urge prioritization of workforce development within the pending cybersecurity executive order and beyond.
During a December 2016 gathering sponsored by the (ISC)² U.S. Government Advisory Council (USGAC), participants, including former Federal Chief Information Security Officer (CISO) Gregory Touhill and federal agency CISOs and executives, discussed transition planning from the cybersecurity workforce perspective. The following is an abridged list of areas that (ISC)² has since identified as critical for the new administration to address. An expanded list can be viewed in today’s (ISC)² blog post.
– Time Is of The Essence. The widespread and damaging effects of cyber threats are revealed on a daily basis. At the same time, the demand for skilled cybersecurity workers is rapidly increasing.
– Consider the Progress Already Made. Cybersecurity is a bi-partisan issue. Critical work has been done over the last eight years to advance the cybersecurity workforce.
– Harden the Workforce. Everyone must learn cybersecurity. We have to break the commodity focus of simply buying technology and stopping there, without focusing on training all users.
– Incentivize Hiring and Retention. In today’s world, a sense of mission doesn’t always override good pay — incentives work.
– Prioritize Investment in Acquisition, Legal and Human Resources (HR) Personnel. Acquisition, legal and HR professionals are essential players within the federal cybersecurity ecosystem.
– Prevent Getting Lost in Translation. The government needs effective communicators who can translate technical risk to business leaders.
– Civil Service Reform. The civil service system is broken and does not meet the government’s needs.
– Compliance Does Not Equal Security. Embrace Risk Management. In the government’s quest for cyber resiliency, a risk management perspective will be essential.
– A Standard Cyber Workforce Lexicon. Once finalized, the NICE Cybersecurity Workforce Framework should provide an excellent resource for workforce development.
“In a recent congressional hearing, (ISC)² had the opportunity to present these recommendations in an effort to advocate for our members and the broader cybersecurity profession during the presidential transition and beyond,” said Dan Waddell, (ISC)² managing director, North America Region. “Significant progress has been made over the past decade to advance the federal
More on page 44
REDWOOD SHORES, CA, April 27, 2017 – Imperva, Inc. (NASDAQ: IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced the results of a survey on the current state of company preparedness for the European General Data Protection Regulation (GDPR). The survey of 170 security professionals was taken at RSA 2017, the world’s largest security conference.
GDPR protects the privacy of European citizens and applies to all businesses that hold and process personal data collected in the European Union, regardless of their industry or location. It becomes effective on May 25, 2018. Organizations are focusing on GDPR compliance because fines for certain violations may be up to the greater of €20 million or four percent of total worldwide annual turnover. Companies with significant revenue could face billions of dollars in fines.
According to the survey, 51 percent of respondents said GDPR would impact their companies and nearly a third of the respondents didn’t see the GDPR regulations impacting them, while 11 percent were unsure if GDPR would impact their companies and 5 percent were not familiar with GDPR.
The survey also showed an overall lack of urgency among the IT professionals surveyed, with 43 percent of respondents indicating that they are evaluating or implementing change in preparation for GDPR, 29 percent indicating that they were not preparing, and another 28 percent signifying that they were unaware of specific preparations.
“U.S. companies should be evaluating the impact GDPR will have on their data practices, given the major fines for non-compliance,” said Terry Ray, chief product strategist at Imperva.
“Companies need to begin the GDPR legwork now by documenting how personal data is collected and processed in their organizations. From what we’ve seen in working with our clients on GDPR readiness, the projects are complex and involve multiple teams, technologies and systems.”
When asked who is driving GDPR compliance in their organization, 49 percent of survey respondents cited their organization’s legal department, while 8 percent said the IT department is managing the process.
Imperva provides data discovery and classification tools, user access controls, data masking, data breach detection, data transfer controls and other data compliance solutions that can assist organizations in their GDPR compliance efforts. To learn how Imperva helps organizations prepare for GDPR, visit http://bit.ly/2ouojYO.
Survey Methodology
Conducted Feb. 13-17, at RSA Conference 2017, the trade show with the largest concentration of security professionals, the in-person survey is based on responses from 170 attendees including IT professionals, managers and executives from the U.S. (77 percent), EMEA
More on page 43