The American National Standards Institute (ANSI) has launched a cybersecurity portal which features an extensive database of top public- and private-sector resources and provides information on the contributions of ANSI, members of the ANSI Federation, and the broader standardization community to address issues related to cybersecurity. This new activity highlights ANSI's support of National Cyber Security Awareness Month (NCSAM), an initiative supported by the U.S. Department of Homeland Security (DHS), the National Cyber Security Alliance, and the Multi-State Information Sharing and Analysis Center to engage and educate public- and private-sector partners about leading cybersecurity issues.
In an effort to provide convenient access to ANSI's various areas of work in support of cybersecurity, the new portal at www.ansi.org/cyber features publications and comprehensive lists of cyber-related resources, including government and private-sector cybersecurity initiatives, ANSI standards packages on IT security, and information on ANSI's conformity assessment activities in this area.
Among the documents freely available on the portal is The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security (2012), published by ANSI via its Identity Theft Prevention and Identity Management Standards Panel (IDSP) in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance (ISA). The report addresses the most common threats and vulnerabilities to the security of protected health information (PHI) and suggests safeguards and controls that organizations can put in place to mitigate the risk of a breach. Additional documents available on the portal include a pragmatic action plan for addressing cybersecurity from an enterprise-wide perspective, a framework designed to help business executives in the analysis, management, and transfer of financial risk related to cyber-attack, and several reports focused on preventing identity theft and fraud.
ANSI is involved with cybersecurity prevention in several platforms, including through its accreditation program for personnel certification bodies under ANSI/ISO/IEC 17024, which includes accreditation of certification bodies for cybersecurity professionals. The institute is also recognized as the accreditor for the U.S. Department of Defense (DOD) Information Assurance (IA) Workforce Improvement Program. Under DOD directive 8570, all agency employees and contractors involved in information assurance must receive and maintain certification for the highest level functions that they perform related to data management, use, processing, storage, and transmission.
The portal is a valuable resource at a time when cybersecurity is a critical priority for businesses as vulnerabilities such as increased risk of theft, fraud, and abuse continue to affect every type of business connected to the web. A 2015 Global Cyber Security Status Report by ISACA highlights this issue, with 83 percent of the organization's 3,400 members indicating that cyber-attacks are among the top three threats facing organizations today.
Cybersecurity has also been identified as one of the top issues of concern to the ANSI Company Member Forum, a venue for ANSI members representing the broad spectrum of U.S. industry to come together to discuss national, regional, and global standards and conformity assessment issues.
Getting Involved and Informed on NCSAM
In addition to National Institute of Standards and Technology (NIST) and private-sector cybersecurity resources, ANSI's portal features U.S. Department of Homeland Security resources, including the Critical Infrastructure Cyber Community Voluntary Program or C3 (C-Cubed), which will be participating in a webinar on October 8 2:00pm-3:00pm EDT, alongside representatives from the National Cyber Security Alliance, the Council of Better Business Bureaus, and the Federal Trade Commission. The webinar entitled "Creating a Culture of Cybersecurity at Work," will feature panelists who will discuss the security landscape for businesses and highlight resources available to establish cultures of cybersecurity. All interested stakeholders can sign up for the webinar here.