[1]Why NIST is so popular in Japan:

[1]Why NIST is so popular in Japan:

Written by [2]Cynthia Brumfield
Nov 8, 2018 | CYBERSCOOP

While all organizations around the globe continue to grapple with
chronic shortages of qualified cybersecurity workers, Japan is
tackling the problem in a significant way by turning to two U.S.
government technology frameworks to help manage its own information
security manpower shortages.

Japanese industry has turned to the National Institute of Standards
and Technology's (NIST) Cybersecurity Framework and National
Initiative for Cybersecurity Education (NICE) Workforce Framework in
an effort to fill the unique cybersecurity skills gap characteristic
of Japanese companies.

Speaking at NIST's Cybersecurity Risk Management Conference in
Baltimore, Maryland, Masato Kimura, a manager in the cybersecurity
R&D planning department at Japanese telecom giant NTT, said that the
NIST workforce framework in particular plays a pivotal role in Japan
due to the high level of reliance by Japanese companies on
outsourced IT and cybersecurity personnel.

In the U.S., around 71.5 percent of IT professionals work in-house,
but in Japan, only 24.8 percent are company employees, according to
Kimura.

Yet even in-house IT professionals in Japan fall short of achieving
the required cybersecurity expertise.

Employment in Japan is a lifetime proposition, with workers
typically rotating into new jobs every two to three years, making it
difficult for employees to develop strong cybersecurity skills.
Compounding the problem, Japan will be facing a shortage of 193,010
cybersecurity professionals by 2020, prompting the Japanese Business
Federation to declare that it is urgent and crucial to increase the
pool of skilled in-house cybersecurity workers.

"Japanese critical infrastructure needs talents who are able to
understand what the IT vendors are doing and [serve] as a bridge
between C-suites and engineers," Kimura said.

Kimura is also Secretariat of Japan's Cross Sectors Forum, a group
of 44 Japanese companies from the chemical, financial,
manufacturing, media and transportation sectors. These companies
decided in 2015 to band together to establish an ecosystem to
educate, recruit, retain and train cybersecurity professionals in
collaboration with academia and the government.

Toyota, Mitsubishi, Sony, Panasonic, NTT, NEC, Hitachi, Fujitsu and
Toshiba are among the Forum's members.

Additionally, NIST's Cybersecurity Framework helped provide a means
for the forum members to communicate about cybersecurity across
their diverse business sets.

"A common language is needed to apply to all the sectors," Kimura
said.

"Cybersecurity is difficult to implement unless you have common
terms," Lauri Korts-Pärn, Senior Security Architect at NEC said,
noting that the NIST Framework, which is independent of any
industry, serves that purpose.

The Forum hosts monthly plenary meetings as well as four monthly
working groups that focus on workforce definition, workforce
development, information sharing and collaboration with academia.

The Forum also hosts an annual conference for C-suite executives and
invites government into cybersecurity discussions. Among the tools
produced by these efforts are talent definitions, outsourcing
guidelines and a CISO calendar.

The Forum developed a draft mission list and mapped it to the
cybersecurity and workforce frameworks to develop outsourcing
guidelines and CISO calendars. Because NIST has mapped the
Cybersecurity Framework to the most commonly used information
security standard used in Japan, the ISO/IEC 27001, it's far easier
for Japan to embrace the framework's recommendations.

The appeal of NIST's Cybersecurity Framework was so strong in Japan
that the country's Information Technology-Promotion Agency, or IPA,
became the first foreign entity to translate the Framework fully
from its English language version into another language in 2014.

Because of the framework, the forum was able to define and
understand what kinds of cybersecurity talents member companies need
and even prompted some members to sponsor cybersecurity courses to
fill those needs.

"We can now show the reality of Japanese industry to Japanese
universities," Kimura said. The NIST framework also spurred the
Japanese government to incorporate the Forum's insights into the
country's national cybersecurity strategy and sparked a number of
public, private and academic collaborations.

The forum has already created a database of cybersecurity training
programs available for its members, cross-referenced by the talent
definitions it devised. The next steps for the forum including even
more innovations, including producing a guidebook for its members
outlining the cybersecurity talent definitions it has devised and
laying out CISO calendar and outsourcing requirements.

Cynthia Brumfield is a veteran communications and technology analyst
who is now focused on cybersecurity. She runs a cybersecurity news
and information site, Metacurity.com.

(Via [3]Cyberscoop)

I had an interesting discussion on this topic with some colleagues on
this very topic last week. I can't go into details, but the level of
knowledge around NIST Framework here in Japan is greater than in most
of the rest of Asia, South America, and parts of Europe.
Also on:

[4]Twitter
__________________________________________________________________

My original entry is here: [5]Why NIST is so popular in Japan. It
posted Fri, 09 Nov 2018 06:11:30 +0000.
Filed under: business, Japan,

References

1. https://www.cyberscoop.com/nist-japan-workforce/
2. https://www.cyberscoop.com/author/cynthia-brumfield/
3. https://www.cyberscoop.com/feed/
4. https://twitter.com/prjorgensen/status/1060777923542745088
5. https://www.prjorgensen.com/?p=2257