Source: Click Here
The Obama administration announced the launch of the cyber security framework.The framework is a key deliverable from the Executive Order on “Improving Critical Infrastructure Cybersecurity” that President Obama announced in 2013.
The framework is said to provide existing global standards and practices to help organizations understand,communicate and manage their cyber risks.For the organizations that do not know where to start it serves as a roadmap.It also provides a better way to communicate with their CEO's and suppliers about cyber risks.
The framework components(the framework core,profiles and tiers) reinforces the connections between business drivers and cyber activities.The Framework Core is a set of activities and informative references-The activities are grouped into five segments:Identify,Protect,Detect,Respond,Recover.The Profiles can help organizations align cyber activities with business requirements,risk tolerances and resources.The Tiers provide a way to view their approach and processes for managing cyber security which range from Tier 1 Partial to Tier 4 Adaptive.
It is a good approach to help organizations build their security infrastructure.The Program is a voluntary one which helps organizations connect with companies and share experiences .The Critical Infrastructure Cyber Community (C3) Voluntary program will help increase awareness.It is interesting to find out how many organizations have got involved in this move and what effects it has brought to an organization.I will need to search more on this to see the effect.I am sure this is beneficial for many companies especially start-ups and small scaled to get support and build upon a framework for securing their environment.
The Obama administration announced the launch of the cyber security framework.The framework is a key deliverable from the Executive Order on “Improving Critical Infrastructure Cybersecurity” that President Obama announced in 2013.
The framework is said to provide existing global standards and practices to help organizations understand,communicate and manage their cyber risks.For the organizations that do not know where to start it serves as a roadmap.It also provides a better way to communicate with their CEO's and suppliers about cyber risks.
The framework components(the framework core,profiles and tiers) reinforces the connections between business drivers and cyber activities.The Framework Core is a set of activities and informative references-The activities are grouped into five segments:Identify,Protect,Detect,Respond,Recover.The Profiles can help organizations align cyber activities with business requirements,risk tolerances and resources.The Tiers provide a way to view their approach and processes for managing cyber security which range from Tier 1 Partial to Tier 4 Adaptive.
It is a good approach to help organizations build their security infrastructure.The Program is a voluntary one which helps organizations connect with companies and share experiences .The Critical Infrastructure Cyber Community (C3) Voluntary program will help increase awareness.It is interesting to find out how many organizations have got involved in this move and what effects it has brought to an organization.I will need to search more on this to see the effect.I am sure this is beneficial for many companies especially start-ups and small scaled to get support and build upon a framework for securing their environment.
I wonder what they actually plan on doing with this. Companies that have an interest in being secure already know where to go for guideline. Those that don't have an interest aren't looking. I have had quite a few conversations with smaller businesses about PCI requirements and the changes coming later this year and not one has even known that they need to be ready to support Chip and Pin CC's. And PCI is really being pushed by Credit Card companies. So I do wonder how anyone who doesn't already know about where to find this information is actually going to be able to use this.
ReplyDeleteHey Tony,Thanks for your valuable inputs.It is very interesting to read your comment and know what the actual industries think about this.I agree with your question to see where this will make sense for many if at all.But I am sure they will have more deep analysis to follow to be able to provide support or may outsource the process for someone to build upon if they believe this should be pushed through before they call it off.
ReplyDelete