Cybersecurity

Why Zero Trust is a must for strong corporate governance

May 13, 2024
80 2 minutes read
Untitled design6
66425cef2cce1090a95d180b cybersecuritytechnologyconceptshieldwithkeyholeico.png


Long gone are the days of delegating technology and cybersecurity concerns to be addressed solely by the IT department.

With artificial intelligence (AI), post quantum (PQ), and an ever-intensifying threat landscape, senior leadership teams and boards have a duty of care to make the right investments and provide the strategic guidance and oversight to help keep the organization, employees, customers, and other key stakeholders safe.

If that is not enough incentive, federal agencies are continuing efforts to hasten breach disclosures and hold executives liable for security and data privacy incidents. Pursuing an enterprise-wide Zero Trust strategy is critical for strong corporate governance and increasingly a board level priority.

The Current Framework

NIST’s recently released Cybersecurity Framework (CSF) 2.0 reinforces this strategic link between Zero Trust and governance. The renewed CSF provides guidance and examples for adopting Zero Trust and adds “Govern” to the other five key critical framework functions of Identity, Protect, Detect, Respond, and Recover.

While governance was implied in previous CSF iterations, it is now codified to ensure an organization’s strategy is directly linked to cybersecurity roles and responsibilities, informing the business on what it needs to do to address the other five functions. NIST’s focus on governance reinforces that the entire leadership team is in this together and emphasizes the fiduciary responsibilities of the board.

All this focus on governance is key to minimizing business risk and protecting shareholder value, but also puts tremendous pressure on leadership teams to effectively communicate cyber risk to the Board and meet regulatory requirements. This is where Zero Trust comes in.

Setting Organizations Up for Success

Zero Trust is not a product to buy or a box to check. It is a strategic approach to improve cyber resilience that can also serve to increase organization agility, reduce the cost of compliance, decrease IT complexity and total cost of ownership, and of course, strengthen corporate governance.

CISA’s recently released Zero Trust Maturity Model 2.0 provides a roadmap to pursue a Zero Trust strategy with updated guidelines around the five key pillars of Identity, Devices, Networks, Data, and Applications and Workloads. Like the CSF 2.0, governance is front and center in this latest version. CISA’s updated guidelines reinforce that governance of cybersecurity policies, procedures, and processes within and across the five pillars are essential to improving cyber resilience and maintaining regulatory compliance.

While long considered a cybersecurity best practice, pursuing a Zero Trust strategy is now also an express requirement from both NIST and CISA for strong corporate governance – and organizations should consider it a business imperative.

 



Source

May 13, 2024
80 2 minutes read

Related Articles

OCR Updates Change Healthcare Cybersecurity Incident FAQs

OCR Updates Change Healthcare Cybersecurity Incident FAQs

May 31, 2024
Quantum eMotion Appoints International Cybersecurity Expert as New Board Member

Quantum eMotion Appoints International Cybersecurity Expert as New Board Member

May 17, 2024
Achieving Cyber Resilience, External Cybersecurity & Risk Reduction – Margarita Barrero, Andy Grolnick, Alexandre Sieira – ESW Vault

Achieving Cyber Resilience, External Cybersecurity & Risk Reduction – Margarita Barrero, Andy Grolnick, Alexandre Sieira – ESW Vault

May 30, 2024
The CDO Stack: Filling the Gaps in Your Cybersecurity Arsenal

The CDO Stack: Filling the Gaps in Your Cybersecurity Arsenal

May 1, 2024
Back to top button