Every month, SecureState CEO Ken Stasiak addresses the hottest topics in information security, providing his unique spin on all the issues.
The National Institute of Standards and Technology (NIST) has recently begun to draft documentation on how to incorporate an across-the-board security standard for all organizations that are considered to be part of the country’s critical infrastructure, adding yet another layer to an already convoluted process. The goal is to gain buy-in from both the private and public sector as to what process would work best as a type of blanket framework for every different type of organization. Although the NIST framework, and how it is implemented, are both in need of repair, the way NIST is going about this seems to add frustration instead of solving any problems.
In recent years, social networking has exploded in popularity and utilization within the business environment. One of the initial efforts by the current presidential administration was to bring this social networking to the federal sector. Based on this article, those efforts have increased the adoption of social media within the workplace.
As directed by the February Executive Order from President Obama, the Federal Government issued a Request for Information to receive feedback regarding the National Institute of Standards and Technology’s (NIST) plans to develop a Cybersecurity framework for Critical Infrastructure. The purpose of the RFI was to gain information from Owners and Operators of Critical Infrastructure on what best practices and standards should be included in the future framework. But it’s about time that the security industry stops looking to new standards to solve the problem and learns how to adopt and implement what it already has! The problem does not lie in the standards themselves, but in the marketing and execution behind the standards to get the business executives involved.
Commercial organizations may wish to utilize existing frameworks to implement IT Security best practices. NIST’s Risk Management Framework is among the options available. As a C-level official or security professional, you may choose to use this framework or require compliance in response to gaining federal business partnerships and contracts. Below is a little background, followed by the recipe for success in a commercial implementation of NIST’s Risk Management Framework.