Table of Contents
Table of Contents

The recent draft of the National Institute of Standards and Technology (NIST) cyber security framework issued by the government in October clearly recommends that every level within an organization should be fully involved in Cyber security. A final version of the voluntary Cybersecurity Framework is currently scheduled for release in February 2014.

 
(NIST) The National Institute of Standards and Technology released its cyber security Framework Core draft for infrastructure networks and private companies as part of President Obama's executive order proposed in February 2013. Primary concerns involve increased protection of our national security, financial institutions, power grid, air traffic control systems, and privacy.
 
The Framework Core, written with the involvement and input of approximately 3,000 experts from both industry and academic institutions, provides guidelines for five core functions to effectively manage and address risks:
 
  • Identify — Create an institutional understanding of motivating factors behind an attack and define a strategic risk strategy.
  • Protect — Develop strong implementation safeguards to prevent interruptions to mission-critical infrastructure services.
  • Detect — Comprehensive threat identification and analysis.
  • Respond — Upon threat detection formulate a comprehensive response plan with prioritized actions to limit the damage.
  • Recover — According to the document, this should "Develop and implement the appropriate activities, prioritized through the organization's risk management process, to restore the capabilities or critical infrastructure services that were impaired through a cybersecurity event."
 
Over the past several years, we've seen an increase in cyber-attacks and attempted threats to information security to critical infrastructures including power utilities and nuclear facilities. In mid-January, it was confirmed that although no classified data was stolen, hackers breached the US Department of Energy's system where they stole personal employee and contractor data.
 
Cimcor_Technical_Summary
Jacqueline von Ogden
Post by Jacqueline von Ogden
November 14, 2013
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real-time