Coalition to Reduce Cyber Risk Calls for a Global Cybersecurity Risk Management Standard
San Francisco (February 26, 2020) - The Seamless Security paper promotes cybersecurity risk management, the use of international standards and interoperable national cyber frameworks as the best approach to improving cybersecurity outcomes globally.
SAN FRANCISCO -- Today, the Coalition to Reduce Cyber Risk (CR2) released a white paper calling for a more coordinated global approach to cybersecurity risk management as countries put forward national frameworks for securing information systems and data. Specifically, CR2 encourages government regulators from all countries and all sectors of the global economy to leverage best-in-class international standards, such as ISO/IEC 27101 and ISO/IEC 27103, as the starting point for their approach to cybersecurity.
At the same time that global cyber threats increase in sophistication, the global digital supply chain links multinational companies with small and medium-sized businesses around the world. This type of interconnectedness necessitates an approach to cyber risk management that crosses industrial sectors as well as geopolitical borders.
The Seamless Security white paper describes how international, national and sectoral frameworks can leverage a common baseline, enabling consistency and interoperability while also building off that common baseline to address any unique concerns of their particular users. It also reflects the collective experience of CR2 members that have worked with governments and internally to implement cyber risk management programs across dynamic global infrastructures and operations. It further highlights that globally recognized frameworks, standards and approaches help companies manage and evaluate security at scale and focus on protecting their customers. Many of those cyber risk management approaches harness common security principles, desired outcomes and controls through frameworks and sector-specific profiles.
“CR2 is calling for a global approach to cybersecurity risk management underpinned by interoperable frameworks,” said Alexander Niejelow, President of the CR2 Board of Directors and Senior Vice President of Cybersecurity Coordination and Advocacy for Mastercard. “Our companies recognize that good cybersecurity risk management rests on a common security baseline of practices as well as a common taxonomy and lexicon. By recognizing this common core as a global standard, companies can more effectively reduce risk as we work across multiple economies and sectors.”
The paper was released today at an event hosted by CR2 at Microsoft’s San Francisco offices. The event featured speakers from CR2 member companies and included representatives from the U.S. government, multiple foreign governments and the private sector. The discussion focused on the findings and recommendations of the paper, as well as a strategy for operationalizing those recommendations.
The Coordinated Solution from the White Paper states:
“Numerous national governments and sectoral regulators have already adopted an approach that’s consistent with using ISO/IEC 27103 as the core of their cyber framework, reducing barriers to coordination and enabling cross-border, cross-sector cooperation to address shared cyber threats.
We encourage government regulators from all countries and all sectors of the global economy to leverage ISO/IEC 27103 as the starting point for their approach to cybersecurity. The consistency that a common baseline, taxonomy, and lexicon provide will enable government and industry alike to better mitigate threats to their organizations and to our societies as a whole.”
Contact:
Ross B. Nodurft
+1 202.344.4403
rbnodurft@venable.com