NIST Drafts New Cyber Security Framework for 2014

The recent draft of the National Institue of Standards and Technology (NIST) cyber security framework issued by the government in October clearly recommends that every level within an organization should be fully involved in Cyber security. A final version of the voluntary Cybersecurity Framework is currently scheduled for release in February 2014.

 
(NIST) The National Institute of Standards and Technology released its cyber security Framework Core draft for infrastructure networks and private companies as part of President Obama's executive order proposed in February, 2013. Primary concerns involve increased protection of our national security, financial institutions, power grid, air traffic control systems, and privacy.
 
The Framework Core, written with the involvement and input of approximately 3,000 experts from both industry and academic institutions, provides guidelines for five core functions to effectively manage and address risks:
 
  • Identify — Create an institutional understanding of motivating factors behind an attack and define a strategic risk strategy.
  • Protect — Develop strong implementation safeguards to prevent interruptions to mission critical infrastructure services.
  • Detect — Comprehensive threat identification and analysis.
  • Respond — Upon threat detection formulate a comprehensive response plan with prioritized actions to limit damage.
  • Recover — According to the document, this should "Develop and implement the appropriate activities, prioritized through the organization's risk management process, to restore the capabilities or critical infrastructure services that were impaired through a cybersecurity event."
 
Over the past several years, we've seen an increase in cyber attacks and attempted threats to information security to critical infrastructures including power utilities and nuclear facilities. In mid-January, it was confirmed that although no classified data was stolen, hackers breached the US Department of Energy's system where they stole personal employee and contractor data.
Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".