GSN_Apr_FINAL+links

Cyber Threats & Solutions
(ISC)² delivers cybersecurity workforce
recommendations to White House Chief of Staff
Imperva executive urges U.S. companies
to evaluate pending EU cyber regulation
ALEXANDRIA, VA, April 19, 2017
– (ISC)2® today announced a set of
recommendations for the Trump
Administration to consider as it approaches
its 100th day in office. The
recommendations were delivered
to White House Chief of Staff and
others on President Trump’s team in
order to urge prioritization of workforce
development within the pending
cybersecurity executive order
and beyond.
During a December 2016 gathering
sponsored by the (ISC)2 U.S.
Government Advisory Council
(USGAC), participants, including
former Federal Chief Information
Security Officer (CISO) Gregory
Touhill and federal agency CISOs
and executives, discussed transition
planning from the cybersecurity
workforce perspective. The following
is an abridged list of areas that
(ISC)2 has since identified as critical
for the new administration to
address. An expanded list can be
viewed in today’s (ISC)2 blog post.
– Time Is of The Essence. The
widespread and damaging effects of
cyber threats are revealed on a daily
basis. At the same time,
the demand for skilled
cybersecurity workers is
rapidly increasing.
– Consider the Progress
Already Made. Cybersecurity
is a bi-partisan issue. Critical
work has been done over the last
eight years to advance the cybersecurity
workforce.
– Harden the Workforce. Everyone
must learn cybersecurity. We
have to break the commodity focus
of simply buying technology and
stopping there, without focusing on
training all users.
– Incentivize Hiring and Retention.
In today’s world, a sense of
mission doesn’t always override
good pay — incentives work.
– Prioritize Investment in Acquisition,
Legal and Human Resources
(HR) Personnel. Acquisition, legal
and HR professionals are essential
players within the federal cybersecurity
ecosystem.
– Prevent Getting Lost in Translation.
The government needs effective
communicators who can
translate technical risk to business
leaders.
– Civil Service Reform. The civil
service system is broken and does
not meet the government’s needs.
– Compliance Does Not Equal Security.
Embrace Risk Management.
In the government’s quest for cyber
resiliency, a risk management perspective
will be essential.
– A Standard Cyber Workforce
Lexicon. Once finalized, the NICE
Cybersecurity Workforce Framework
should provide an excellent resource
for workforce development.
“In a recent congressional hearing,
(ISC)2 had the opportunity to
present these recommendations in
an effort to advocate for our members
and the broader cybersecurity
profession during the presidential
transition and beyond,” said Dan
Waddell, (ISC)² managing director,
North America Region. “Significant
progress has been made over the
past decade to advance the federal
More on page 44
REDWOOD SHORES, CA April
27, 2017 Imperva, Inc. (NASDAQ:
IMPV), committed to protecting
business-critical data and applications
in the cloud and on-premises,
today announced the results of a
survey on the current state of company
preparedness for the European
General Data Protection Regulation
(GDPR). The survey of 170 security
professionals was taken at RSA
2017, the world’s largest security
conference.
GDPR protects the privacy of European
citizens and applies to all
businesses that hold and process
personal data collected in the European
Union, regardless of their industry
or location. It becomes effective
on May 25, 2018. Organizations
are focusing on GDPR compliance
because fines for certain violations
may be up to the greater of €20 million
or four percent of total worldwide
annual turnover. Companies
with significant revenue could face
billions of dollars in fines.
According to the survey, 51 percent
of respondents said GDPR
would impact their companies,
nearly a third of the respondents
didn’t see the GDPR regulations
impacting them, while 11 percent
were unsure if GDPR would impact
their companies and 5 percent
were not familiar with
GDPR.
The survey also showed
an overall lack of urgency
among the IT professionals
surveyed with 43 percent
of respondents indicating
that they are evaluating or
implementing change in preparation
for GDPR, 29 percent indicating
that they were not preparing,
and another 28 percent signifying
that they were unaware of specific
preparations.
“U.S. companies should be evaluating
the impact GDPR will have on
their data practices, given the major
fines for non-compliance,” said
Terry Ray, chief product strategist at
Imperva.
“Companies need to begin the
GDPR legwork now by documenting
how personal data is collected
and processed in their organizations.
From what we’ve seen in
working with our clients on GDPR
readiness, the projects are complex
36 37
Terry Ray
and involve multiple teams, technologies
and systems.”
In asking survey respondents
about who is driving GDPR
compliance in their organization,
49 percent of survey
respondents cited their organization’s
legal department,
while 8 percent said
the IT department is managing
the process.
Imperva provides data
discovery and classification tools,
user access controls, data masking,
data breach detection, data transfer
controls and other data compliance
solutions that can assist organizations
in their GDPR compliance efforts.
To learn how Imperva helps
organizations prepare for GDPR,
visit http://bit.ly/2ouojYO.
Survey Methodology
Conducted Feb. 13-17, at RSA
Conference 2017, the trade show
with the largest concentration of security
professionals, the in-person
survey is based on responses from
170 attendees including IT professionals,
managers and executives
from the U.S. (77 percent), EMEA
More on page 43