Articles

Why NIST’s privacy framework could help security efforts

lead centered=”no”Although many people, even some cybersecurity practitioners, tend to conflate data security and data privacy as one and the same, privacy experts see them as two different, often contradictory, yet frequently overlapping objectives./lead

Although many people, even some cybersecurity practitioners, tend to conflate data security and data privacy as one and the same, privacy experts see them as two different, often contradictory, yet frequently overlapping objectives.

“We look at it as a Venn diagram,” Naomi Lefkovitz, privacy engineering program head at the National Institute of Standards and Technology (NIST), said during a plenary session here at NIST’s Cybersecurity Risk Management conference.

Lefkovitz is spearheading NIST’s initiative to create a Privacy Framework, along the lines of NIST’s successful Cybersecurity Framework, which could help pave the way toward the development of trustworthy information systems that protect privacy. From the Venn diagram perspective, the protection of individual privacy cannot be achieved by merely securing personally identifiable information (PII) because security risks arise from unauthorized system behavior while privacy risks arise as a byproduct of authorized PII. The area where security concerns overlap privacy concerns is the only area where true PII privacy currently occurs.

(This article appeared in Cyberscoop. Please read the rest of the article here.)

Articles

Why NIST is so popular in Japan

lead centered=”no”While organizations around the globe continue to grapple with chronic shortages of qualified cybersecurity workers, Japan is tackling the problem in a significant way by turning to two U.S. government technology frameworks to help manage its own information security manpower shortages./lead

Japanese industry has turned to the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and National Initiative for Cybersecurity Education (NICE) Workforce Framework in an effort to fill the unique cybersecurity skills gap characteristic of Japanese companies.

Masato Kimura, a manager in the cybersecurity R&D planning department at Japanese telecom giant NTT, said that the NIST workforce framework in particular plays a pivotal role in Japan due to the high level of reliance by Japanese companies on outsourced IT and cybersecurity personnel.

This article appeared in Cyberscoop. To read the rest of the article please visit here.