Explore CISA's 37 steps to minimum cybersecurity – Cybersecurity Dive




The agency placed a premium on low-cost, high-impact security efforts, which account for more than 40% of the goals.
Editor’s note: This article is part of a series delving into CISA’s cybersecurity performance goals. You can also read about how security experts are responding to the goals and what sectors CISA is trying to protect.
The Cybersecurity and Infrastructure Security Agency released its long-awaited, cross-sector cybersecurity performance goals Thursday, in a bid to raise security baselines. Far from esoteric, the efforts listed are meant to serve as a broadly digestible roadmap to minimum operational security.
The 37 voluntary goals span the technical and the tactical, weighing the cost, complexity and impact of security initiatives. But they are not exhaustive and do not capture all that is required to protect critical infrastructure security. 
The goals “capture a core set of cybersecurity practices with known risk-reduction value broadly applicable across sectors,” CISA said.
CISA placed a premium on low-cost, high-impact security efforts, which account for more than 40% of the goals.
Setting a minimum password strength, for example, can mitigate password spraying or credential stuffing. It’s a particularly important goal for those organizations without multifactor authentication or the ability to defend against brute-force attacks.
Password-related policies are also entry-level security initiatives, albeit ones that can have a large impact. CISA also highlighted the need to fill leadership gaps by appointing organizational cybersecurity leadership, someone who can make implementing other goals more realistic.
CISA categorizes just three initiatives as high cost, high impact and highly complex: prohibiting the connection of unauthorized devices; third-party validation of the effectiveness of cyber controls; and network segmentation.
The agency plans to reevaluate the goals throughout the year, taking industry input into consideration for potential changes. Explore the 37 goals below. 