I was at the Gartner Security and Risk Management Summit at the Gaylord National Harbor and had the opportunity to attend the session, “Finding the Sweet Spot to Balance Cyber Risk,” which Tammie Leith was facilitating.
During the session, the panel had been discussing how the senior leadership teams address the problem of putting their signatures against the risk that cyber threats pose to their organizations. Tammie Leith made a point to the effect that it is just as important for our teams to tell us why we should not accept or acknowledge those risks so that we can increase investments to mitigate those risks.
What caught my attention was that the senior management teams are beginning to question the technical teams on whether or not appropriate steps have been taken to minimize the risks to the corporation. The CxO (senior leadership team that has to put their signature on the risk disclosure documents) teams are no longer comfortable with blindly assuming the increasing risks to the business from cyber threats.
To make matters worse, the CxO teams and the IT security teams generally speak different languages in that they are both using terms with meanings relevant to their specific roles in the company. In the past, this has not been a problem because both teams were performing very critical and very different functions for the business. The CxO team is focused on revenue, expenses, margins, profits, shareholder value, and other critical business metrics to drive for success. The IT security teams, on the other hand, are worried about breaches, data loss prevention, indications of compromise, denial-of-service attacks and more in order to keep the cyber attackers out of the corporate network. The challenge is that both teams use the common term of risk, but in different ways. Today’s threat environment has forced the risk environment to blend. Sophisticated targeted attacks and advanced polymorphic malware affect a business’s bottom line. Theft of critical information, such as credit card numbers, health insurance records, and social security numbers, results in revenue losses, bad reputation, regulatory fines, and lawsuits. Because these teams have not typically communicated very well in the past, how can we ensure that they have a converged meaning for risk when they are speaking different “languages”?
Tags: cyber, NIST, risk, security
It is one thing to recognize cyber threats and their potential to disrupt entire companies, agencies and institutions. It is another thing to do something about it. In light of recent threats we cannot sit still and wait for the next one.
On February 18, I was honored to join Governor O’Malley, Senator Mikulski, NIST director Pat Gallagher, and Montgomery County Chief Executive Ike Leggett in the partnership agreement signing ceremony to expand the National Cybersecurity Center for Excellence in Montgomery County. Federal and Maryland officials signed the agreement with the National Institute of Standards and Technology in Gaithersburg to develop new cybersecurity technology and educational opportunities.
Tags: Cisco, cybersecurity, govtech, IT, NIST
I had the pleasure of attending the inaugural signing of National Cybersecurity Excellence Partnership agreements yesterday. Key stakeholders in attendance included National Security Agency Director, General Keith Alexander, Senator Barbara Mikulski, Dr. Pat Gallagher of the National Institute of Standards and Technology (NIST), Maryland Governor Martin O’Malley, and several members of the Cisco team.
Established in 2012 through a partnership between NIST, the State of Maryland, and Montgomery County, the National Cybersecurity Center of Excellence (NCCoE) was conceived to advance innovation through the rapid identification, integration, and adoption of practical cybersecurity solutions. NCCoE collaborates with industry leaders through its National Cybersecurity Excellence Partnership (NCEP) initiative to develop real-world cybersecurity capabilities.
As an NCEP member and key collaborator, Cisco is dedicated to furthering the mission of securing cyberspace for all. As part of this ongoing commitment, Cisco has launched the Threat Response, Intelligence and Development organization, focusing key resources around cyber security, threat mitigation and network defense for our customers. Read a blog from our CSO John Stewart about this new organization and its charter here.
Tags: Cisco Security, cybersecurity, National Cybersecurity Center of Excellence, NCEP, NIST
The Global Certification Team is proud to announce that the Cisco Aggregate Services Routers (ASR) 9000 series have completed USGv6 Certification on software version 4.2.1 or later, with USGv6 SMU. The details of the certification can be found at https://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php?company=7&type=Router.
The Cisco ASR 9000 system incorporates innovative technologies such as Cisco Network Virtualization (nV) technology, which intelligently blends the edge, aggregation, and access points to simplify operation and accelerate IPv6 services. Two new nV enabled platforms provide additional flexibility and support to optimize service delivery. More information can be found at Cisco.com.
Get up-to-the-minute updates on Cisco product certifications from the official GCT Twitter, @CiscoCertTeam!
Tags: aggregated, asr 9000, ASR9000, certifications, IPv6, NIST, router, services, USGv6
The Global Certification Team is proud to announce the FIPS 140-2 Crypto certification of the 6900 and 7900 Series IP Phones.
The phones received FIPS certificate #1647 for Models 6901 and 6911 and certificate #1650 for 6921, 6941, 6945, and 6961. Finally, the 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE, and 7975G were awarded FIPS certificate #1689.
Take full advantage of converged voice and data networks while retaining the convenience and user-friendliness you expect from a business phone. Cisco Unified IP Phones can help improve productivity by meeting the needs of users throughout your organization. Advanced media endpoints in this innovative suite of Cisco Unified IP Phones enhance the end-user experience.
6900 Series on Cisco.com
7900 Series Phones on Cisco.com
FIPS-140 is a US and Canadian government standard that specifies security requirements for cryptographic modules. A cryptographic module is defined as “the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.” The cryptographic module is what is being validated.
Tags: 6900, 6901, 6911, 6921, 6941, 6945, 6961, 7900, 7906, 7911, 7931, 7941, 7942, 7945, 7961, 7962, 7965, 7970, 7971, 7975, Cisco, cmvp, crypto, cryptography, fips, FIPS 140-2, ip, NIST, phone, srtp, unified