NTT Brings Global Insight to Latest NIST Framework

Monday, April 16, 2018

Education on ISO 27001/2 and NIST Framework Differences at RSA 2018

This year at RSA 2018, NTT Security is discussing the National Institute of Standards and Technology’s (NIST) updated Framework for Improving Critical Infrastructure Cybersecurity and the ISO framework to help security professionals gain a better grasp on how to harmonize frameworks and manage risk. 

The company's firsthand knowledge of the new NIST framework emanates from Shinichi Yokohama, Head of Cyber Security Integration at NTT Corporation, who played a significant role in making recommendations for the new proposed guidelines.  Mr. Yokohama has also been actively internationalizing the new NIST framework through numerous workshops for global enterprise companies and government agencies.

As the resident expert on NIST at NTT, Mr. Yokohama commented, "CISOs are constantly searching for the latest tools and framework to help them implement a more proactive and structured approach to cybersecurity. NIST is more focused on risk management best practices, where ISO is essentially a compliance-based framework.

"Our goal is to help CISOs and our industry partners understand the impact of implementing the NIST framework, which can potentially encompass an 18-month process for an Enterprise."

One of the challenges in adapting to the new suggested guidelines for improved cybersecurity is navigating the differences between the new NIST framework and ISO 27001/2. A Peer2Peer session at RSA entitled "Plan on Moving from ISO 27001/2 to NIST CSF? How? When?", presented by John Petrie, Global CISO for NTT Security, is being hosted here at RSA on Wednesday, April 18th to facilitate in-depth conversations between security professionals on this topic.

Additionally, NTT Security is delivering a regularly scheduled presentation in its RSA booth (#1315) throughout the course of the show entitled, "Managing Risk, Not Just Regulation" to further educate attendees on how they can best navigate these compliance frameworks to build a better risk framework for cybersecurity.

"NTT's involvement with NIST is just another prime example of how we are formulating the new science of cybersecurity with numerous new initiatives built on higher levels of customer engagement, regionalization, unprecedented support from our global threat intelligence network and industry-leading R&D," said Khiro Mishra, CEO, NTT Security Americas.

NIST Overview

After extensive coordination with the public and private sectors, including organizations such as NTT Corporation, NIST released the latest draft of its Framework for Improving Critical Infrastructure Cybersecurity in December 2017. The latest draft includes several changes to existing guidelines, especially concerning organizations' self-assessment of cybersecurity risks affecting authorization, authentication, identity proofing and disclosure of vulnerabilities. As a stand-alone reference, the framework offers a common and understandable lexicon for cybersecurity risk management: Identify, Protect, Detect, Respond and Recover.

According to NIST, the newest framework is simply guidance for critical infrastructure organizations to voluntarily implement based on existing standards, guidelines and best practices. This new second draft is fully compatible with Version 1.0 and can be used as the basis for communication between organizations.

Notes for editors:

About NTT Security

NTT Security is the specialized security company and the center of excellence in
security for NTT Group. With embedded security we enable NTT Group companies
(Dimension Data, NTT Communications and NTT DATA) to deliver resilient business
solutions for clients’ digital transformation needs. NTT Security has 10 SOCs, seven
R&D centers, over 1,500 security experts and handles hundreds of thousands of
security incidents annually across six continents.

NTT Security ensures that resources are used effectively by delivering the right mix of
Managed Security Services, Security Consulting Services and Security Technology for
NTT Group companies – making best use of local resources and leveraging our global
capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone
Corporation), one of the largest ICT companies in the world. Visit to
learn more about NTT Security or visit to learn more about
NTT Group.
