CISA Launches Project to Assess Effectiveness of Security Controls

The US Cybersecurity and Infrastructure Security Agency (CISA) has relaunched a key working group, with ambitious plans to understand the effectiveness of security controls in tackling ransomware and other threats.

The Cybersecurity Insurance and Data Analysis Working Group (CIDAWG) was originally founded in 2016, but the new iteration will be very different, according to CISA deputy director Nitin Natarajan.

“The working group was re-established to create a venue for collaboration and forward progress with industry on topics where we have shared interests – specifically, understanding what security controls are working most effectively to defend against cyber incidents,” he explained.

“This will help organizations to better understand where to invest resources and will allow the government to ensure our future investments are making the greatest impacts. To put it simply, we want to understand what ‘good’ looks like.”

This is especially important in the context of the ransomware epidemic sweeping the US. A 60% annual increase in incidents reported to the FBI has helped to drive a 49% surge in overall cybercrime losses, from $6.9bn in 2021 to $10.3bn last year, Natarajan noted.

Understanding which security controls are most effective will be key to driving best practice and improving baseline security across organizations, CISA claimed.

When it relaunches in December, CIDAWG will team up with Stanford’s Empirical Security Research Group, with a mission to correlate data with cybersecurity controls to understand their effectiveness.

“CISA will ask working group members to collaborate with Stanford to improve analysis of the aggregated, anonymized loss data and link it with controls effectiveness,” Natarajan explained.

“This analysis will be a resource both for insurers to inform their risk analysis and for CISA to better understand whether efforts like the Cyber Performance Goals (CPGs) and the Secure by Design initiative are translating to reduced cyber risk exposure for organizations that adopt them.”
