Articles

With supply chain security grabbing headlines, NIST sees new…

lead centered=”no”Supply chain is sexy again, and NIST hopes that means more companies take its supply chain risk guidance seriously./lead

Cybersecurity in the supply chain is a dense, massively complicated topic that lies beyond the comprehension of all but a few dedicated experts. It has nonetheless risen to the top of security challenges organizations face today. “Supply chain is the new black. Supply chain is sexy again. That’s kind of hard to imagine,” said Jon Boyens, manager, security engineering and risk management at the National Institute of Standards and Technology (NIST). Boyens, who manages cybersecurity supply chain efforts at the National Institute of Standards and Technology (NIST), made that comment during a plenary session at NIST’s Cybersecurity Risk Management Conference.

NIST’s long history with supply chain risk

NIST is an old hand at supply chain outside the cybersecurity realm, starting decades ago when it began developing guidance for managing risk in global industrial and defense supply chains. “Supply chain is the most mature in its gestation because we’ve had all sorts of permutations along the way. This is an old topic for defense organizations,” says Matt Barrett, NIST’s Cybersecurity Framework lead.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Why NIST’s privacy framework could help security efforts

lead centered=”no”Although many people, even some cybersecurity practitioners, tend to conflate data security and data privacy as one and the same, privacy experts see them as two different, often contradictory, yet frequently overlapping objectives./lead

Although many people, even some cybersecurity practitioners, tend to conflate data security and data privacy as one and the same, privacy experts see them as two different, often contradictory, yet frequently overlapping objectives.

“We look at it as a Venn diagram,” Naomi Lefkovitz, privacy engineering program head at the National Institute of Standards and Technology (NIST), said during a plenary session here at NIST’s Cybersecurity Risk Management conference.

Lefkovitz is spearheading NIST’s initiative to create a Privacy Framework, along the lines of NIST’s successful Cybersecurity Framework, which could help pave the way toward the development of trustworthy information systems that protect privacy. From the Venn diagram perspective, the protection of individual privacy cannot be achieved by merely securing personally identifiable information (PII) because security risks arise from unauthorized system behavior while privacy risks arise as a byproduct of authorized PII. The area where security concerns overlap privacy concerns is the only area where true PII privacy currently occurs.

(This article appeared in Cyberscoop. Please read the rest of the article here.)