President Obama Unveiled the Voluntary Cybersecurity Framework
Yesterday, President Obama unveiled the Framework for Improving Critical Infrastructure Cybersecurity (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf) which was created in response to Executive Order 13636 (http://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf). The Framework is supposedly targeted to better protect infrastructure critical to the United States by helping organizations to assess their current threats and efforts in the cybersecutity arena and then to help create a plan to achieve better security—it is not a prescription for cybersecurity.
The seven steps are:
- Prioritize and Scope
- Create a Current Profile
- Conduct a Risk Assessment
- Create a Target Profile
- Determine, Analyze and Prioritize Gaps
- Implement an Action Plan
Clearly, the tool, while intended for infrastructure critical entities, is useful and has application to many other organizations.