In recent years, social networking has exploded in popularity and utilization within the business environment. One of the initial efforts by the current presidential administration was to bring this social networking to the federal sector. Based on this article those efforts have increased the adoption for social media within the workplace.
As directed by the February Executive Order from President Obama, the Federal Government issued a Request for Information to receive feedback regarding the National Institute of Standards and Technology’s (NIST) plans to develop a Cybersecurity framework for Critical Infrastructure. The purpose of the RFI was to gain information on what best practices and standards should be included in the future framework from Owners and Operators of Critical Infrastructure. But it’s about time that the security industry stops looking to new standards to solve the problem and learn how to adopt and implement what they already have! The problem does not lie in the standards themselves, but in the marketing and execution behind the standards to get the business executives involved.
Commercial organizations may wish to utilize existing frameworks to implement IT Security best practices. NIST’s Risk Management Framework is among the options available. As a C-level official or security professional, you may choose to use this framework or require compliance in response to gaining federal business partnerships and contracts. Below is a little background, followed by the recipe for success in a commercial implementation of NIST’s Risk Management Framework.