Facebook Google Plus Twitter LinkedIn YouTube RSS 功能表 搜尋 資源 - 部落格資源 - 網路研討會資源 - 報告資源 - 活動icons_066 icons_067icons_068icons_069icons_070

Tenable 部落格

訂閱
  • Twitter
  • Facebook
  • LinkedIn

3 Qualifications Cyber Safety Review Board Members Must Have

3 Qualifications Cyber Safety Review Board Members Must Have

Expertise in security forensics, technology development and aligning cybersecurity with business goals are essential to advising federal policymakers following significant cyber incidents.

In May, President Joe Biden signed an executive order to address the barrage of cyber incidents and increasingly noisy attack surface that has overwhelmed both the public and private sectors in the United States this year. – 

One of President Biden’s recommendations is the creation of a Cyber Safety Review Board, modeled after the National Transportation Safety Board (NTSB). Similarly to how the NTSB is convened to make recommendations following major transportation safety incidents, the primary responsibility of the Cyber Safety Review board will be to convene after significant cyber incidents to assess them and make recommendations for improving cybersecurity and incident response practices and policy.

To make this board most effective, its members should be made up of cybersecurity experts with diverse experiences in the field — including security forensics experience, technical expertise and experience aligning cybersecurity with business objectives. Members should be prepared to offer insights into combatting and responding to potential threats, giving the federal government more clarity on the best ways to deter bad actors through this important information sharing and collaboration effort.

Here are three qualifications the Secretary of Homeland Security should seek in prospective board members:

Forensics and research experience: To be most effective, the board needs members who have deep experience in security forensics and research. The board must be able to quickly understand what happened, how attackers entered the system and what they did while inside. To do so, there must be expertise on the board in digital forensics and leading research teams who can explain to the government — in as clear and actionable language as possible — what happened.

Deep technical expertise: Once the board understands what happened, they need to be able to make recommendations on how to stop something similar from happening again. This will require professionals with deep technical expertise and experience, like CTOs, CISOs and other industry leaders, who can analyze the details of the attack and formulate technical solutions for organizations to implement to prevent future similar attacks.

Cybersecurity and business alignment expertise: The board needs to have a firm grasp on the alignment between cybersecurity investment and business goals and objectives. Managing cyber risk means identifying the key risk indicators and calculating an acceptable level of risk, allowing for organizations to make business centered decisions about what a reasonable level of exposure is acceptable. Since the majority of critical infrastructure is owned and operated by the private sector, board recommendations following cyber incidents must be informed by this alignment of cybersecurity and business risk management. Therefore, the board needs leaders with proven experience calculating and mitigating cyber risk through a business lens who can recommend policies that will resonate with other C-Suite leaders.

The Secretary of Homeland Security should consider the above experience and expertise as key assets as it establishes the Cyber Safety Review Board; otherwise, it runs the risk of attenuated and ineffective cyber strategies and recommendations. 

深入瞭解

相關文章

您是否容易受到最新攻擊程式危害?

輸入您的電子郵件地址,以便收到最新 cyber exposure 警示。

免費試用 立即購買
Tenable.io 免費試用 30 天

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。 立即註冊。

Tenable.io 購買

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產

選取您的訂閱選項:

立即購買
免費試用 立即購買

免費試用 Nessus Professional

免費試用 7 天

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買 Nessus Professional

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。完整詳情請見此處。

免費試用 立即購買

試用 Tenable.io Web Application Scanning

免費試用 30 天

享受我們專為現代應用程式而設計,屬於 Tenable.io 平台一部分的最新 Web 應用程式掃描產品的所有功能。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

購買 Tenable.io Web Application Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN

$3,578

立即購買

免費試用 聯絡業務人員

試用 Tenable.io Container Security

免費試用 30 天

享受整合至弱點管理平台中的唯一容器安全產品的完整功能。監控容器映像中是否有弱點、惡意軟體及政策違規的情形。與持續整合和持續部署 (CI/CD) 系統整合,以支援 DevOps 作法、加強安全性並支援企業政策合規性。

購買 Tenable.io Container Security

Tenable.io Container Security 整合了建置程序,能提供包含弱點、惡意軟體和政策違規等容器影像安全性的能見度,讓您無縫並安全地啟用 DevOps 流程。

免費試用 聯絡業務人員

試用 Tenable Lumin

免費試用 30 天

透過 Tenable Lumin,能夠以視覺方式呈現 Cyber Exposure 並加以探索,長期追蹤風險降低狀況,以及對照同業進行指標分析。

購買 Tenable Lumin

聯絡業務代表,瞭解 Lumin 如何協助您獲得整個企業的深入洞見,並管理網路風險。