WEBVTT 1 00:00:08.410 --> 00:00:11.840 line:15% Cybersecurity standardization is a way to describe how 2 00:00:11.840 --> 00:00:15.590 line:15% to do cybersecurity in an organized way. 3 00:00:15.590 --> 00:00:19.370 line:15% It's just like, for example, when we speak on the cell phone 4 00:00:19.370 --> 00:00:22.660 or when we use wifi, this is a result of standardization. 5 00:00:22.660 --> 00:00:23.940 So in cybersecurity there are lots 6 00:00:23.940 --> 00:00:25.430 of different ways of doing things. 7 00:00:25.430 --> 00:00:27.350 Standards are written by experts, 8 00:00:27.350 --> 00:00:29.570 who create them in a consensus based way. 9 00:00:29.570 --> 00:00:31.821 And so companies can pick up these documents, 10 00:00:31.821 --> 00:00:34.380 and instead of creating something from scratch 11 00:00:34.380 --> 00:00:37.330 or from their own experts, they have the benefit 12 00:00:37.330 --> 00:00:40.930 of the expertise of the world at their fingertips. 13 00:00:40.930 --> 00:00:44.621 So regulators also use cybersecurity standards sometimes 14 00:00:44.621 --> 00:00:45.990 as a way to point to something 15 00:00:45.990 --> 00:00:47.830 that the organization should do. 16 00:00:47.830 --> 00:00:49.487 But regulators will also look 17 00:00:49.487 --> 00:00:51.998 at standards when they are writing their regulations 18 00:00:51.998 --> 00:00:53.530 as a reference point. 19 00:00:53.530 --> 00:00:56.830 So companies could use standards in an effort 20 00:00:56.830 --> 00:00:58.940 to get ahead of the regulators, 21 00:00:58.940 --> 00:01:02.300 and anticipate what might come out at them at a later date. 22 00:01:02.300 --> 00:01:03.890 Companies get numerous benefits 23 00:01:03.890 --> 00:01:06.100 from cybersecurity standardization. 24 00:01:06.100 --> 00:01:08.360 First and foremost, they get the benefit 25 00:01:08.360 --> 00:01:10.760 of somebody else who is an expert, 26 00:01:10.760 --> 00:01:12.740 multiple somebody elses who are experts, 27 00:01:12.740 --> 00:01:15.270 capturing the information in a standard, 28 00:01:15.270 --> 00:01:17.412 in an organized, simple way. 29 00:01:17.412 --> 00:01:19.730 A company can also demonstrate compliance 30 00:01:19.730 --> 00:01:21.445 for this regulatory requirements. 31 00:01:21.445 --> 00:01:23.250 A company can also demonstrate 32 00:01:23.250 --> 00:01:27.926 to the other companies, to its business partners 33 00:01:27.926 --> 00:01:29.333 who buy its products and services 34 00:01:29.333 --> 00:01:31.662 that it performs good cybersecurity. 35 00:01:31.662 --> 00:01:34.080 Cybersecurity in a company is not limited 36 00:01:34.080 --> 00:01:35.500 to just that business. 37 00:01:35.500 --> 00:01:40.363 So let's say a utility has electricity stuff. 38 00:01:40.363 --> 00:01:42.683 It might take credit cards if it's a distribution 39 00:01:42.683 --> 00:01:45.835 to its utility customers, then it stores customer data. 40 00:01:45.835 --> 00:01:47.600 It might also store employee data, 41 00:01:47.600 --> 00:01:49.810 so it's subject to utility regulations, 42 00:01:49.810 --> 00:01:53.440 then it's subject to data privacy regulations, 43 00:01:53.440 --> 00:01:55.140 then it could be subject to some other things, 44 00:01:55.140 --> 00:01:56.870 for example, for credit cards. 45 00:01:56.870 --> 00:01:59.197 So a standard can help kind of harmonize 46 00:01:59.197 --> 00:02:01.040 all of that, and create a single way 47 00:02:01.040 --> 00:02:03.040 of doing business in different ways 48 00:02:03.040 --> 00:02:05.176 of describing it according to the regulation. 49 00:02:05.176 --> 00:02:07.580 The beauty and the benefit of the standards 50 00:02:07.580 --> 00:02:11.110 is that once the company adopts a framework, 51 00:02:11.110 --> 00:02:12.820 a standard framework, 52 00:02:12.820 --> 00:02:16.290 they can anticipate the next thing happening. 53 00:02:16.290 --> 00:02:18.500 They can anticipate the next regulation. 54 00:02:18.500 --> 00:02:21.740 So standards really help us manage the fact 55 00:02:21.740 --> 00:02:24.010 that cybersecurity is an evolving challenge, 56 00:02:24.010 --> 00:02:25.290 and they help us put a structure 57 00:02:25.290 --> 00:02:27.690 around it and ensure that we do it well.