/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsPORTLAND, USA: Tripwire, Inc., provider of risk-based security and compliance management solutions, today announced the results of a survey of over 150 attendees at the RSA Conference USA 2014 in San Francisco, California.
The National Institute of Standards and Technology (NIST) introduced a new cybersecurity framework on February 12th, 2014.
While federal contractors must demonstrate some form of adoption, the framework is completely voluntary for organizations in the private sector. When asked, "Should NIST offer tax incentives to the private sector to increase adoption of the NIST Framework," 72 per cent of survey respondents said "yes."
"It's encouraging that security professionals are optimistic about the potential of a tax incentive to drive adoption of NIST cybersecurity framework," said Dwayne Melancon, chief technology officer for Tripwire.
"However, in spite of the potential ‘carrot,' I suspect a lot of private sector organizations will only pay lip service to the NIST framework until there is a ‘stick' to motivate them. That said, there have been many discussions among private sector organizations regarding the possible use of the NIST cybersecurity framework as the ‘standard of care' against which organizational security efforts will be measured," said Melancon.
"If corporate boards and lawyers get involved, in addition to a tax motivation, the resulting momentum could be enough to significantly change the adoption curve," added Melancon.