|By Business Wire||
|March 10, 2014 12:21 PM EDT||
Promontory Financial Group today announced it has launched a new Web-based tool to assist companies in using a new cybersecurity framework released by the National Institute of Standards and Technology.
Earl Crane is a senior principal at Promontory Financial Group and the former director for federal cybersecurity policy on the White House National Security Staff. (Photo: Business Wire)
The NIST developed the “Framework for Improving Critical Infrastructure Cybersecurity” as directed in a February 2013 executive order that called for a voluntary, risk-based framework incorporating industry-leading practices and standards. Supervisors are likely to draw upon the framework when conducting examinations and updating their examination procedures. It is widely expected to become a critical component of any rigorous cybersecurity program in both financial and nonfinancial institutions.
"Many firms with high-performing cyberrisk management functions are already using elements of the framework internally,” said Earl Crane, a senior principal at Promontory. “However, they are now starting to use the framework to communicate their requirements and hold accountable their vendors, third-party service providers, and outsourced operations.”
The flexible, Web-based Cyberrisk Assessment Tool allows financial institutions to identify, manage, and report on cybersecurity risk, consistent with existing regulatory frameworks. The software, designed by industry experts and former compliance examiners, can be used to guide a company as it uses the NIST framework to improve its cyberrisk management programs and assess the cybersecurity of third parties.
“Regulators have recently noted the potential for third-party vendors to represent a weak link in an institution’s overall information-security system,” Crane said. “We believe this is the first tool to use the framework to manage vendor cyberrisk and reduce third-party risk exposure.”
“While the NIST cybersecurity framework is voluntary, it is emerging as one of the most important blueprints for cyberrisk management in regulated and nonregulated companies,” said Michael Dawson, a managing director at Promontory. “This tool helps companies use the framework in a robust, well-documented, and user-friendly way.”
Promontory Financial Group, headquartered in Washington, D.C., is the world’s foremost expert in financial risk, regulation, and compliance. The firm helps companies and governments around the world manage complex risk and meet their greatest regulatory challenges, thereby making its clients stronger and the financial system safer for consumers. Promontory has offices in New York, San Francisco, Atlanta, and Denver, and affiliate offices in Brussels, Dubai, Hong Kong, London, Milan, Paris, Singapore, Sydney, Tokyo, and Toronto. Eugene A. Ludwig, who served as U.S. comptroller of the currency under President Bill Clinton, founded Promontory in 2001.
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
Jan. 19, 2017 04:15 AM EST Reads: 3,441
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Jan. 19, 2017 04:00 AM EST Reads: 5,352
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
Jan. 19, 2017 03:30 AM EST Reads: 381
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackIQ...
Jan. 19, 2017 01:15 AM EST Reads: 7,799
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Jan. 19, 2017 01:15 AM EST Reads: 6,096
Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform.
Jan. 19, 2017 01:00 AM EST Reads: 1,279
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jan. 19, 2017 12:45 AM EST Reads: 4,692
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and containers together help companies achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of Dev...
Jan. 19, 2017 12:00 AM EST Reads: 4,177
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
Jan. 18, 2017 11:15 PM EST Reads: 4,476
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
Jan. 18, 2017 09:45 PM EST Reads: 6,519
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Jan. 18, 2017 09:30 PM EST Reads: 7,636
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it m...
Jan. 18, 2017 09:30 PM EST Reads: 5,747
In their general session at 16th Cloud Expo, Michael Piccininni, Global Account Manager - Cloud SP at EMC Corporation, and Mike Dietze, Regional Director at Windstream Hosted Solutions, reviewed next generation cloud services, including the Windstream-EMC Tier Storage solutions, and discussed how to increase efficiencies, improve service delivery and enhance corporate cloud solution development. Michael Piccininni is Global Account Manager – Cloud SP at EMC Corporation. He has been engaged in t...
Jan. 18, 2017 08:15 PM EST Reads: 4,888
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Jan. 18, 2017 07:30 PM EST Reads: 3,151
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus o...
Jan. 18, 2017 06:15 PM EST Reads: 4,202