Cybersecurity Framework: Tests Needed?

From: BankInfoSecurity.com

Debating the Merits of Beta Testing NIST’s ‘Final’ Guide

he creators of the cybersecurity framework will soon begin writing the final version of the guide to information security best practices aimed at helping the operators of the nation’s critical infrastructure secure their information assets (see: Obama, CEOs Meet on Cybersecurity Framework).

But calling it a “final version” is misleading. True, the IT security experts at the National Institute of Standards and Technology, who are shepherding the drafting of the cybersecurity framework, expect to make the Feb. 13 deadline imposed by President Obama. But Adam Sedgewick, the NIST official overseeing the cybersecurity framework, characterizes it as a living document that will be revised over the years as new cyberthreats appear and new ways to mitigate those threats emerge.

The framework will consist of standards, guidelines and best practices aimed to help owners and operators of critical infrastructure manage cybersecurity-related risk while protecting business confidentiality, individual privacy and civil liberties. Adoption of the framework will be voluntary.

Seeking More Industry Feedback

Since Obama directed NIST last February to create the cybersecurity framework, it has held five workshops where it solicited advice from stakeholders on what should be incorporated in the document. Since then, Sedgewick, NIST’s senior information technology policy adviser, has hit the road, attending meetings and conferences seeking more ideas from those outside of government.

Stakeholders have until Dec. 13 to submit their suggestions to NIST at cyberframework@nist.gov.

Sedgewick says NIST should begin to reduce its involvement in the evolution of the framework after mid-February by helping to create a governance structure in which the private sector, not the federal government, takes the lead for future revisions.

Beta Test Needed?

But there’s another reason why the February document won’t be the final version, according to Larry Clinton, president of the trade group Internet Security Alliance. He argues that the cybersecurity framework should be beta tested before the Obama administration approves it.

Read Complete Article

Facebooktwittergoogle_plusredditpinterestlinkedinmail

One response to “Cybersecurity Framework: Tests Needed?”

  1. aputsiaqgeisler says:

    Introducing the Examstrust PC-ST-FAT-2019 Dumps and Questions Answers [2023] – your passport to exam success! Our meticulously crafted study materials are designed to elevate your preparation to new heights. With updated content tailored for 2023, these dumps and answers are your ultimate resource for acing the https://www.examstrust.com/product-detail/pc-st-fat-2019-cert-exam.html. Trust in our comprehensive and expertly curated question bank to sharpen your skills and boost your confidence. Stay ahead of the curve and be fully prepared on exam day. Unlock your potential, achieve your goals, and secure your future with Examstrust – where success begins!

Leave a Reply

Your email address will not be published.

Please Answer: *