Executive Order 13636, Improving Critical Infrastructure Cybersecurity, signed on
February 12, 2013, and its follow-on NIST document, Framework for Improving
Critical Infrastructure Cybersecurity, published on February 12, 2014, discuss
developing a plan to ensure the cybersecurity of the nation and its businesses.
The framework is voluntary, but it sets out to establish a set of guidelines
expressed in a common language to ensure the safety and cybersecurity of the
economy, the public, and businesses alike.

By creating a living document, they intend to make it usable for both large and
small organizations. The idea is to create a cybersecurity framework consisting
of three parts: the core, profiles, and tiers. The core is a set of
cybersecurity activities, outcomes, and references common across critical
infrastructure sectors. These provide detailed guidelines for organizations to
create their profiles. The profiles help an organization align with its business
requirements, risk tolerances, and resources. Tiers help an organization
understand its approach to managing cybersecurity risk.

The Executive Order requires that a methodology be included to protect
individual privacy and civil liberties. The framework is designed to work for
any business, small or large, and is not one-size-fits-all. Because many
companies operate overseas, the goal is to get the international community
involved in the framework as well.
Thanks for sharing useful information on critical infrastructure cybersecurity. I found this blog very useful.