What a Second Trump Presidency Means for US Cybersecurity Policy

With less than a month until the new American administration takes office, Wired predicts what will change in US cybersecurity policy and regulations. […] “more regulation will be dismantled than introduced.” Biden’s presidency was “riddled with new cyber regulation” that sometimes confused and overburdened industry, he adds. “The new White House will be looking to reduce regulatory burdens while streamlining smart compliance.”

December 8, 2024 · 1 min · Graeme Milroy

NIST Cybersecurity Framework 2.0 was released this year - NIST

The US Government’s National Institute of Standards and Technology, known commonly as NIST, released its updated Cybersecurity Framework in February. This was the first new version in 10 years, following the 1.0 version in 2014 that was primarily aimed at protecting US critical infrastructure. The new 2.0 version is international and aimed at broad consumption: drafted in collaboration with experts across 100 countries, it should also be easier to use. Version 2.0 also introduces a new category: Govern, recognising that the world has changed since 2014, with cyber now an enterprise risk being discussed in the boardroom. ...

December 8, 2024 · 1 min · Graeme Milroy

The UK to introduce its own cyber law in 2025 - UK Gov

With the new UK Labour government, changes are expected in legislation and regulations for risk and resilience. The Cyber Security & Resilience Bill will be coming before Parliament in 2025, helping government ‘build a better picture’ of the cyber threat landscape. The Bill will [… expand] the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats. ...

December 8, 2024 · 1 min · Graeme Milroy

APRA Standard 234 Information Security

Prudential Standard 234 Information Security

1 min

Cloud Control Matrix (CCM)

The Cloud Control Matrix (CCM) is a cybersecurity control framework developed by the Cloud Security Alliance (CSA) that provides a comprehensive set of security and compliance controls for cloud computing environments. From the Cloud Security Alliance: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance. ...

1 min

Cyber and the CFO / ACCA & CA ANZ

Cyber security is not just an issue for the IT department. It is a business risk that affects everybody. Report: Cyber and the CFO

1 min · ACCA & CA ANZ

Cyber Resilience Assessment Framework 2.0 (HKMA)

The Cyber Resilience Assessment Framework (C-RAF) was designed to help Hong Kong financial services organisations evaluate their ability to prepare for, respond to, and recover from cyber threats and incidents. C-RAF 2.0 provides a systematic approach for assessing critical systems, processes, and governance, focusing on strengthening resilience against evolving cyber risks. C-RAF was developed by the HKMA and is applicable to all Authorised Institutions, known as AIs: the banks and financial services organisations under HKMA supervision. ...

1 min · Graeme Milroy