[January 05, 2017]
New Research Reveals Top Five Impediments to Cybersecurity Framework Implementation
Tenable
Network Security®, Inc., a global leader in cybersecurity, and the Center
for Internet Security® (CIS), a nonprofit that harnesses the power
of the global IT community to safeguard private and public organizations
against cyber threats, released findings today from their co-sponsored Cybersecurity
Frameworks and Foundational Security Controls Survey, which shows 95
percent of organizations face significant challenges when implementing
leading cybersecurity frameworks.
The survey tallied responses from more than 300 primarily U.S. and
European IT security decision makers from organizations of various sizes
and representing 15 industry verticals to better understand the adoption
and maturity of cybersecurity frameworks and their underlying security
controls. According to survey data, three out of the top five
impediments to cybersecurity framework implementation were technological
in nature, suggesting a need for software solutions that can automate
and simplify cybersecurity framework adoption.
The top five impediments to cybersecurity framework implementation were
reported as follows:
- Lack of trained staff
- Lack of necessary tools to automate controls
- Lack of budget
- Lack of appropriate tools to audit continuous effectiveness of controls
- Lack of integration among tools
"Cybersecurity frameworks are a good way for IT security professionals
to create a solid baseline for measuring security effectiveness and to
meet compliance requirements, but it can be a challenge to do this
without the tools, talent and support from executive leadership," said
Cris Thomas, strategist, Tenable Network Security. "Having the proper
tools and intuitive reporting features in place not only improves
overall cybersecurity, but also can help organizations eliminate some of
the staffing and budget problems by automating the implementation and
integration of their security frameworks."
Despite reported obstacles, respondents who have adopted security
frameworks see clear benefits, including compliance with contractual
obligations (47 percent), achieving measurable security improvements (43
percent), improved maturity and effectiveness of security operations (43
percent) and the ability to more effectively demonstrate security
readiness to business leadership (41 percent).
While comprehensive framework adoption can be time-intensive, notable
progress is possible within specifically defined timeframes. In fact,
survey data show that among companies that have started adopting a
cybersecurity framework more than a year ago, 35 percent have automated
11 or more of the 15 foundational subcontrols. Even among those who have
begun framework adoption less than a year ago, 25 percent of
organizations have automated six or more subcontrols - an increase of 15
percentage points - indicating signs of continued improvement.
"A resilient cybersecurity program starts with a strong foundation of
actions found in every cybersecurity framework, like having control of
hardware and software assets, continuous assessment of vulnerabilities,
and control of administrative privileges," said Tony Sager, senior vice
president and chief evangelist of CIS. "Based on this survey, we know
security pros are working hard to put these controls in place, but they
are still struggling to get resources and management support to move
beyond human-intensive controls and paper policies. We need to
accelerate moving toward automation of these controls as organizations
continue to adopt industry frameworks. Additionally, many organizations
are successfully using the CIS
Controls as a management tool to help them succeed with their
adopted frameworks."
To learn more about the survey findings, including the challenges and
benefits associated with adoption of the first five CIS Controls,
register for the upcoming webinar "Achieving
Effective Cyber Hygiene with CIS Critical Security Controls" at
2:00 p.m. ET on Wednesday, Jan. 18, 2017, hosted by Ted Gary of Tenable
and Tony Sager of CIS.
For more information on the survey findings and to download an
infographic, videos, and additional assets, check out the Foundational
Controls Adoption LookBook.
About Tenable Network Security
Tenable Network Security transforms security technology for the business
needs of tomorrow through comprehensive solutions that provide
continuous visibility and critical context, enabling decisive actions to
protect your organization. Tenable eliminates blind spots, prioritizes
threats, and reduces exposure and loss. With more than one million users
and more than 20,000 enterprise customers worldwide, organizations trust
Tenable for proven security innovation. Tenable customers range from
Fortune Global 500 companies, to the global public sector, to mid-sized
enterprises in all sectors, including finance, government, healthcare,
higher education, retail and energy. Transform security with Tenable,
the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.
About the Center for Internet Security
CIS, CISecurity.org,
is a forward-thinking, nonprofit entity that harnesses the power of a
global IT community to safeguard private and public organizations
against cyber threats. Our CIS Controls and Security Benchmarks are the
global standards and recognized best practices for securing IT systems
and data against the most pervasive attacks. The proven guidelines are
continually refined and verified by a volunteer, global community of
experienced IT professionals. CIS is home to the Multi-State Information
Sharing & Analysis Center (MS-ISAC®), the go-to resource for cyber
threat prevention, protection, response, and recovery for state, local,
tribal and territorial governments.
