The acting Under Secretary of Commerce for Standards and Technology today called on corporate CEOs and board members to take active roles in managing how their institutions deal with cybersecurity risks.
Speaking at the "Board Agenda: CYBER" conference in Washington, D.C., Dr. Willie May said, "As CEOs, board members, or other senior leaders of your organizations, managing cyber risks is one of the most important things you can do to protect your assets, your customers, and your companies." May also is the acting director of the National Institute of Standards and Technology (NIST).
May said that top corporate managers should review and consider using the Framework for Improving Critical Infrastructure Cybersecurity, a voluntary guidance document issued by NIST a year ago last February. The product of a year-long collaboration of cybersecurity and management experts from the federal government, industry and academia, the framework was designed to be a risk management approach that builds on recognized best practices and standards for cybersecurity.
May said preventing all successful cyber attacks is likely not possible; however, a company can use the framework to help make successful attacks substantially more difficult and to facilitate rapid detection and recovery. "The goal is a balanced approach that both protects and quickly detects when something is amiss. And it's one that emphasizes being prepared with a strong response and recovery plan," he said.
May said that the framework already is being used effectively by firms ranging from major multinationals to small businesses. The full prepared text of May's remarks is available from the NIST website.