Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎08-20-2018 04:08 PM
‎08-20-2018 04:08 PM

NIST Small Business Cybersecurity Act signed into Law

Hi All

 

So what impact will this new Act have on Small Businesses?

 

https://www.scmagazine.com/president-signs-nist-small-business-cybersecurity-act-into-law/article/78...

 

Regards

 

Caute_cautim

Reply
0 Kudos
12 Replies
CraginS
Defender I
‎08-28-2018 03:07 PM
‎08-28-2018 03:07 PM

All the new law effectively does is tell NIST to go write more 800- series publications to help small businesses know what to do. My concern is whether the NIST staff and contractors will adopt a customer-centric approach to developing the pubs, involving ALL of the stakeholder communities in the research and writing. 
Having worked for almost twenty years on meeting the FISMA requirements for DOD IT systems under DITSCAP, then DIACAP, then RMF, I have had to read thousands of pages of NIST SPs: 800-30, -37, -53, -53A, -60, -63-3, -63A, -63B, -63C. Most small businesses have neither the staff time nor knowledge base to absorb such massive, confusing guidance.

The NIST Small Business cybersecurity effort will make a difference ONLY if they bring together a well-informed stakeholder team and first research how small business actually operate. Their guidance must be in small, easily digestible pamphlets, not hundred page tomes, and must provide actionable, affordable recommendations that small business owners will be able and willing to carry out, with clearly meaningful results.

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
0 Kudos
Caute_cautim
Community Champion
‎08-28-2018 03:56 PM
‎08-28-2018 03:56 PM

In that case, try this UK simplification and encouragement for Small Businesses:

 

https://www.ncsc.gov.uk/smallbusiness

 

Is this a suitable approach?

 

Regards

 

Caute_cautim

 

Reply
0 Kudos
Caute_cautim
Community Champion
‎10-27-2018 07:34 PM
‎10-27-2018 07:34 PM

So the local government of the day in New Zealand releases the statistics on Small businesses:

 

97% of all businesses here are fall into the category of 20 or less employees, with a total of 500,000 such organisations.   The population is only 4 Million here in New Zealand, so the rest of the organisations are foreign owned or large i.e. CSPs and similar etc.

 

https://www.beehive.govt.nz/sites/default/files/2017-12/Small%20Business%20-%20Annex%203%20Small%20B...

 

So when New Zealand changes the Privacy Act, to bring it back into alignment with the EU, and GDPR with mandatory data breach disclosure, and increased penalties - the number of liquidations may suddenly increase.

 

Sounds like increased collaboration is needed to assist these organisations, as they definitely have an effect on the economic outcomes of the nation. 

 

Cyber insurance will only provide a temporary level of protection and room to maneuver, until the premiums go up and additional measures are required. 

 

There must be similar countries with similar situations like these here too.

 

Regards

 

Caute_cautim

Reply
0 Kudos